Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
7AI Score
0.0005EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
9.8CVSS
7.7AI Score
EPSS
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...
5.3CVSS
6.8AI Score
0.0005EPSS
FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and...
7AI Score
In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges...
5.5CVSS
5.2AI Score
0.0004EPSS
In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
About the security content of macOS Ventura 13.6.4
About the security content of macOS Ventura 13.6.4 This document describes the security content of macOS Ventura 13.6.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.8CVSS
8.5AI Score
0.009EPSS
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...
8.8CVSS
7.2AI Score
0.001EPSS
Malicious ads for restricted messaging applications target Chinese users
An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google...
7.4AI Score
Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.
Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....
6.6AI Score
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 120.0.6099.235 (Platform version: 15662.76.0) for ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General: Chromebook...
6.5CVSS
7AI Score
0.001EPSS
Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and...
7.2AI Score
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...
9.8CVSS
9.8AI Score
0.915EPSS
cuevana123.co Cross Site Scripting vulnerability OBB-3737743
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
About the security content of iOS 16.7.5 and iPadOS 16.7.5
About the security content of iOS 16.7.5 and iPadOS 16.7.5 This document describes the security content of iOS 16.7.5 and iPadOS 16.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
8.8CVSS
8.6AI Score
0.001EPSS
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...
9AI Score
0.001EPSS
Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
By Deeba Ahmed Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers.… This is a post from HackRead.com Read the original post: Inferno Drainer Phishing Nets Scammers $80M from Crypto...
7.3AI Score
SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration –....
9.8CVSS
9.8AI Score
0.074EPSS
About the security content of tvOS 17.3
About the security content of tvOS 17.3 This document describes the security content of tvOS 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
8.8CVSS
8.8AI Score
0.001EPSS
Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
6.8AI Score
JVN#46895889: RakRak Document Plus vulnerable to path traversal
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). ## Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. ## Solution Update the Software Update the...
8.8CVSS
8.7AI Score
0.0005EPSS
Xerox Workcentre 5735 LDAP Service Redential Extractor
This module extract the printer's LDAP username and password from Xerox Workcentre...
7.5AI Score
About the security content of macOS Sonoma 14.3
About the security content of macOS Sonoma 14.3 This document describes the security content of macOS Sonoma 14.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
8.8CVSS
8.4AI Score
0.001EPSS
JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect
Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability (CWE-601). ## Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. ## Solution Apply....
6.1CVSS
6.9AI Score
0.001EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.7AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
Overview In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a...
9.8CVSS
10AI Score
0.972EPSS
Arrests in $400M SIM-Swap Tied to Heist at FTX?
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just...
7.5AI Score
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.5AI Score
0.0004EPSS
In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...
5.5CVSS
5.4AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...
9.8CVSS
7.3AI Score
0.001EPSS
Zhuhai Enterprise Information Technology Co., Ltd. focuses on the development and operation services of the SaaS platform (Jian Guo Yun) for the digital intelligence of the engineering and construction industry. There is an unauthorized access vulnerability in the Engineering Digital Cloud...
6.9AI Score
9.8CVSS
7.9AI Score
0.905EPSS
Cybersecurity Must De-Risk the Business
The Catalyst for My Return to Qualys “Necessity is the mother of all invention.” – Plato Introduction Cybersecurity as a problem and practice is evolving. This evolution is driven by business risk. Does this sound obvious? For far too long, we in security have put the technology cart way ahead of.....
7.3AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through...
7.2CVSS
7.9AI Score
0.001EPSS
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.5CVSS
5.7AI Score
0.001EPSS
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...
5.5CVSS
5.7AI Score
0.001EPSS
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus....
7.5CVSS
7.9AI Score
0.001EPSS