Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.7CVSS
9.7AI Score
0.008EPSS
Exploit for Uncontrolled Resource Consumption in Quic-Go Project Quic-Go
QUIC-attacks (CVE-2022-30591) The current repository serves...
7.5AI Score
Build Numbers and Versions of Veeam Agent for IBM AIX
This KB article lists all versions of Veeam Agent for IBM AIX and their respective build...
3.1AI Score
List of Security Fixes and Improvements in Veeam Agent for Microsoft Windows
This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Microsoft...
2.2AI Score
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....
7.5CVSS
7.7AI Score
0.027EPSS
Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware
easy-exploits The current repository contains exploits of...
7AI Score
CVE-2023-6173 SQLi in TeoSOFT Software TeoBASE
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any...
9.8CVSS
9.9AI Score
0.001EPSS
![GIF](https://64.media.tumblr.com/eca96708daac19f72edc9ee6c6fdf......
10CVSS
7.4AI Score
0.001EPSS
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....
7.5CVSS
7.1AI Score
0.027EPSS
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-PoC ``` pip install -r requirements.txt...
7.7CVSS
8.1AI Score
0.52EPSS
Malicious File Detection: Potentially Unwanted Software
The md5sum of one or more files on the remote Windows host matches software known to violate some corporate policies. Verify that the remote files are authorized in your...
2.4AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....
4.3CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.5AI Score
0.0004EPSS
Apple Boot Camp Support Software Installed
The remote Windows host has an install of Apple's Boot Camp Support Software. Apple Boot Camp is a utility included on Mac OS X computers to assist with virtualizing various Windows operating systems, and Boot Camp Support Software provides associated drivers for...
3.4AI Score
Malicious Process Detection: Potentially Unwanted Software
The md5sum of one or more running process on the remote Windows host matches software known to violate some corporate policies. Verify that the remote processes are authorized in your...
2.4AI Score
IBM Netezza Platform Software Detection (Linux)
Support software for IBM Netezza, a enterprise data warehousing suite, is installed on the remote Linux...
1.2AI Score
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...
9.8CVSS
9.9AI Score
0.962EPSS
Python Software Foundation Python Installed (Windows)
Python, a tool to locally create and run application in the python programming language, is installed on the remote Windows...
1.1AI Score
Malicious Process Detection: APT1 Software Running
The md5sum of one or more running processes on the remote Windows host matches the signature distributed by Mandiant of software known to be involved in corporate cyber espionage by a unit called APT1. Verify that the remote processes are legitimate and authorized in your...
2.4AI Score
CVE-2024-28782 IBM QRadar Suite Software information disclosure
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: ...
6.3CVSS
6.1AI Score
0.0004EPSS
CVE-2023-6153 Authentication Bypass in TeoSOFT Software TeoBASE
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any...
9.8CVSS
9.6AI Score
0.001EPSS
HP Software Packages (SoftPaqs) – Potential Escalation of Privilege
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). HP has provided updated software packages (SoftPaqs) available from our...
8AI Score
0.0004EPSS
Exploit for Path Traversal in Sysaid Sysaid On-Premises
Vulnerability Details fofa: ```text ...
9.8CVSS
9.6AI Score
0.935EPSS
CVE-2024-4538 IDOR vulnerability in Janto Ticketing Software
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user...
7.5CVSS
7.6AI Score
0.0004EPSS
Quantum DXi Storage With Firmware 3.x Does Not Work with Veeam Backup & Replication 12
Veeam Backup & Replication cannot connect to the Quantum DXi storage because a secured TLS communication channel cannot be created. Starting in Veeam Backup & Replication 12, communication with deduplicating storage appliances is secured using a TLS connection. In order to create such a TLS...
1.7AI Score
Backup job reports Unfreeze Error (Over VIX)
Backup job returns an error:Unfreeze error (over VIX): [Backup job failed.]Running vssadmin list writers command may result in:Non-Retryable error for Volume Shadow Copy Service (VSS) of the...
2.8AI Score
CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased...
7.5CVSS
7.6AI Score
0.0004EPSS
CVE-2023-47727 IBM QRadar Suite Software file manipulation
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: ...
4.3CVSS
4.6AI Score
0.0004EPSS
RHEL 8 : gnome-software and fwupd (RHSA-2020:4436)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4436 advisory. The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop. The...
6CVSS
6.6AI Score
0.0005EPSS
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g....
9.9CVSS
9.8AI Score
0.71EPSS
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
7.8CVSS
6.8AI Score
0.0004EPSS
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in...
5.5CVSS
9.1AI Score
0.001EPSS
Essential Features of Cybersecurity Management Software for MSPs
By Uzair Amir Protect your clients' businesses from cyber threats with Cybersecurity Management Software. Explore the unified control panel, real-time threat… This is a post from HackRead.com Read the original post: Essential Features of Cybersecurity Management Software for...
7.3AI Score
TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576
TIBCO EBX File Inclusion Vulnerability Original release date: June 11, 2024 Last revised: June 12, 2024 CVE-2024-4576 Source: TIBCO Software Inc. Products Affected TIBCO EBX versions 5.9.25 and below TIBCO EBX versions 6.1.3 HF2 and below Component affected: EBX Add-ons Description The...
6.9AI Score
0.0004EPSS
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of...
7.5CVSS
7.5AI Score
0.002EPSS
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...
7.5CVSS
6.8AI Score
0.001EPSS
Console Error - Failed to connect to Veeam Backup & Replication Server
Console Error - Failed to connect to Veeam Backup & Replication...
1.9AI Score
Using Object Storage with Veeam Products
Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...
2.7AI Score
MunkiReport Software Update module is vulnerable to SQL injection
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...
8.8CVSS
8.6AI Score
0.001EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
5.3CVSS
0.0004EPSS
OpenCms 14 & 15 - Open Redirect
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury'...
6.1CVSS
6.3AI Score
0.01EPSS
Cisco UCS Central Software Web UI Detection
The web user interface for Cisco Unified Computing System (UCS) Central Software, an infrastructure management system, was detected on the remote...
1.6AI Score
8.8AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0,...
5.8AI Score
0.0004EPSS
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
MunkiReport Software Update module is vulnerable to SQL injection
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...
8.8CVSS
8.6AI Score
0.001EPSS
CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and...
6.7AI Score
0.0004EPSS
XSRF Security Token Missing when clicking on Contact an administrator
h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : # Chrome Version 54.0.2840.59 (64-bit) # Firefox 49.0 h3. Steps to Reproduce # Configure Outgoing Mail # Enable Contact Administrators Form from General...
0.2AI Score
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...
7.2CVSS
8AI Score
0.001EPSS
Malicious File Detection: APT1 Software on System
The md5sum of one or more files on the remote Windows host matches the signature distributed by Mandiant of software known to be involved in corporate espionage by a unit called APT1. Verify that the remote files are legitimate and authorized in your...
2.1AI Score