2068 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m., 13 views

RHEL 8 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution: attaching local files/directories to composed email can lead to unintended information disclosure...

CVSS 6.5, AI score 6.4, EPSS 0.02682
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 16 views

RHEL 5 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - evolution: incorrect selection of recipient gpg public key for encrypted mail CVE-2013-4166 - GNOME...

CVSS 7.5, AI score 8, EPSS 0.02673
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 16 views

RHEL 6 : evolution-data-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...

CVSS 9.8, AI score 8.1, EPSS 0.01844
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 12 views

RHEL 7 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution: attaching local files/directories to composed email can lead to unintended information disclosure...

CVSS 6.5, AI score 6.5, EPSS 0.02682
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 15 views

RHEL 5 : evolution-data-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...

CVSS 9.8, AI score 7.1, EPSS 0.01844
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 11 views

RHEL 6 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages CVE-2018-1558...

CVSS 6.5, AI score 6.6, EPSS 0.02443
Exploits: 1, References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 7 : evolution-data-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - evolution-data-server: Response injection via STARTTLS in SMTP and POP3 CVE-2020-14928 - In GNOME...

CVSS 5.9, AI score 6.7, EPSS 0.02607
Exploits: 2, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 14 views

RHEL 4 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - DoS from large email CVE-2006-0040 - evolution: mailto URL scheme attachment header improper input...

CVSS 5, AI score 7.1, EPSS 0.02673
Exploits: 0, References: 2

The Hacker News
added 2024/05/21 1:7 p.m., 12 views

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consis...

AI score 6.7
Exploits: 0

Tenable Nessus
added 2024/05/11 12:0 a.m., 21 views

RHEL 7 : evolution-data-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...

AI score 7.8, EPSS 0.01844
Exploits: 1, References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m., 22 views

RHEL 6 : evolution-data-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - evolution-data-server: Unsafe use of strcat allows buffer overflow in addressbook/backends/ldap/e-book-...

AI score 6.8, EPSS 0.02607
Exploits: 3, References: 4

Kitploit
added 2024/05/09 12:30 p.m., 42 views

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR

BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...

AI score 7
Exploits: 0, References: 1

The Hacker News
added 2024/05/01 10:27 a.m., 13 views

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the...

AI score 6.8
Exploits: 0

OSV
added 2024/04/15 12:15 a.m., 2 views

CVE-2024-29844

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the us...

CVSS 9.8, AI score 5.8, EPSS 0.00625
Exploits: 0, References: 1

OSV
added 2024/04/15 12:15 a.m., 1 view

CVE-2024-29843

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILEGETUSERSLIST, allowing for an unauthenticated attacker to enumerate all users and their access levels...

CVSS 7.5, AI score 5.8, EPSS 0.00583
Exploits: 0, References: 1

OSV
added 2024/04/15 12:15 a.m., 2 views

CVE-2024-29842

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETABACARDFIELDS, allowing for an unauthenticated attacker to return the abacard field of any user...

CVSS 7.5, AI score 5.8, EPSS 0.00583
Exploits: 0, References: 1

NVD
added 2024/04/15 12:15 a.m., 9 views

CVE-2024-29842

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETABACARDFIELDS, allowing for an unauthenticated attacker to return the abacard field of any user...

CVSS 7.5, AI score 7.6, EPSS 0.00498
Exploits: 0, References: 1

NVD
added 2024/04/15 12:15 a.m., 7 views

CVE-2024-29844

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the us...

CVSS 9.8, AI score 9.6, EPSS 0.00625
Exploits: 0, References: 1

NVD
added 2024/04/15 12:15 a.m., 9 views

CVE-2024-29843

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILEGETUSERSLIST, allowing for an unauthenticated attacker to enumerate all users and their access levels...

CVSS 7.5, AI score 7.6, EPSS 0.00498
Exploits: 0, References: 1

OSV
added 2024/04/15 12:15 a.m., 2 views

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

CVSS 7.5, AI score 5.8, EPSS 0.00583
Exploits: 0, References: 1