Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file...
7.4AI Score
0.971EPSS
krishna-coirs.in Cross Site Scripting vulnerability OBB-3923393
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)
Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpio_safer_name_suffix...
6.8AI Score
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload...
8.4AI Score
0.03EPSS
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME]...
7.8AI Score
0.009EPSS
krishna-engg.com Improper Access Control vulnerability OBB-3802845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
7.4AI Score
Debian DSA-4500-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. CVE-2019-5807 TimGMichaud discovered a...
9.1AI Score
Unbreakable Enterprise kernel security update
[4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page...
7.6AI Score
0.0004EPSS
What’s in your notepad? Infected text editors target Chinese users
"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...
7AI Score
Unbreakable Enterprise kernel security update
[4.14.35-2047.535.2.1] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36467681] {CVE-2024-1086} [4.14.35-2047.535.2] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 33499812] - LTS version: v4.14.338 (Saeed Mirzamohammadi) - crypto:...
8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port'...
8.3AI Score
Microsoft Windows cldflt Type Confusion Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
5.5CVSS
8.2AI Score
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload...
8.1AI Score
0.03EPSS
Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
8.2AI Score
Unbreakable Enterprise kernel security update
[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....
8.3AI Score
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer...
7AI Score
0.001EPSS
Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. "The...
7AI Score
8.9AI Score
0.028EPSS
6.4AI Score
0.005EPSS
6.8AI Score
0.0004EPSS
7.7AI Score
0.001EPSS
6.2AI Score
0.005EPSS
8.5AI Score
0.066EPSS
7.6AI Score
0.008EPSS
6.6AI Score
0.024EPSS
7.6AI Score
0.008EPSS
9.6AI Score
0.931EPSS
9.8AI Score
0.849EPSS
8.2AI Score
0.003EPSS
5.7AI Score
0.791EPSS
8.4AI Score
0.003EPSS
5.7AI Score
0.791EPSS
6.4AI Score
0.003EPSS
7.4AI Score
0.062EPSS
9.8AI Score
0.849EPSS
7.6AI Score
0.149EPSS
7.7AI Score
0.672EPSS
7.4AI Score
0.062EPSS
5.7AI Score
0.003EPSS
5.7AI Score
0.003EPSS
Cracked software beats gold: new macOS backdoor stealing cryptowallets
A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....
7.5AI Score
7.4AI Score
0.232EPSS
Dark web threats and dark market predictions for 2024
An overview of last year's predictions Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may...
7.2AI Score
Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
10AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
7.4AI Score
0.001EPSS
"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets
Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS...
7AI Score
The version of Node.js installed on the remote host is prior to 16.20.1, 18.16.1, 20.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday June 20 2023 Security Releases advisory. The use of proto in process.mainModule.proto.require() can bypass the policy...
7.5AI Score