Lucene search
K

2294 matches found

The Hacker News
The Hacker News
added 2023/07/14 10:12 a.m.40 views

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform GCP services, marking the adversary's expansion in targeting beyond Amazon Web Services AWS. The findings come from SentinelOne and Permiso, which said the...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/07 11:21 p.m.27 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-35890)

Summary WebSphere Application Server, shipped with IBM WebSphere Remote Server, is vulnerable to spoofing when using Web Server Plug-ins. Information about a security vulnerability affecting WebSphere Application when using Web Server Plug-ins has been published in a security bulletin...

5.5CVSS5.4AI score0.00122EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/03 12:0 a.m.40 views

Amazon Linux AMI : squid (ALAS-2023-1774)

The version of squid installed on the remote host is prior to 3.5.20-17.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1774 advisory. An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When...

9.8CVSS7.2AI score0.20251EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/06/29 1:40 p.m.39 views

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/22 1:5 p.m.21 views

Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach...

7.2AI score
Exploits0
OSV
OSV
added 2023/06/07 3:52 p.m.20 views

GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5CVSS7.6AI score0.00549EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/07 12:0 a.m.15 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5CVSS7AI score0.00549EPSS
Exploits0References9Affected Software1
The Hacker News
The Hacker News
added 2023/06/06 6:57 a.m.42 views

Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this ransomware-as-a-service promotes its offering on forums," Uptycs said in a new report. "Ther...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/06 6:57 a.m.3 views

Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this ransomware-as-a-service promotes its offering on forums," Uptycs said in a new report. "Ther...

6.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/02 2:37 p.m.21 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-32342)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/05/22 4:15 p.m.16 views

Cross site scripting

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

5CVSS6.7AI score0.00526EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/20 12:0 a.m.32 views

AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2023:2763)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2763 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

7.5CVSS7AI score0.03213EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/05/16 8:31 a.m.77 views

Moderate: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.7AI score0.05623EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.24 views

CentOS 8 : python27:2.7 (CESA-2023:2860)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2860 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decode...

7.5CVSS7.1AI score0.02453EPSS
Exploits1References2
OSV
OSV
added 2023/05/16 12:0 a.m.41 views

ALSA-2023:2866 Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...

7.5CVSS7.1AI score0.05623EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.36 views

MariaDB 10.5.0 < 10.5.20

The version of MariaDB installed on the remote host is prior to 10.5.20. It is, therefore, affected by a vulnerability as referenced in the 10.5.20 advisory. - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to...

6.5CVSS6.9AI score0.01486EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.94 views

MariaDB 10.11.0 < 10.11.3

The version of MariaDB installed on the remote host is prior to 10.11.3. It is, therefore, affected by a vulnerability as referenced in the 10.11.3 advisory. - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to...

6.5CVSS7.2AI score0.01486EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.25 views

MariaDB 10.4.0 < 10.4.29

The version of MariaDB installed on the remote host is prior to 10.4.29. It is, therefore, affected by a vulnerability as referenced in the 10.4.29 advisory. - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to...

6.5CVSS6.9AI score0.01486EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/12 1:24 p.m.18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-27554)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.1CVSS7.7AI score0.00859EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/09 1:48 p.m.35 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-39161)

Summary IBM WebSphere Application Server, shipped with IBM WebSphere Remote Server, is vulnerable to spoofing when using Web Server Plug-ins. Information about a security vulnerability affecting IBM WebSphere Application Server when using Web Server Plug-ins has been published in a security...

5.3CVSS5.3AI score0.00362EPSS
Exploits0Affected Software1
Rows per page
Query Builder