openSUSE Security Update : the Linux Kernel (openSUSE-2019-536) (Spectre)
The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate...
7.8CVSS
8.8AI Score
0.976EPSS
Amazon Linux 2 : openssl11 (ALAS-2020-1456)
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
5.3CVSS
5.4AI Score
0.015EPSS
Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing...
8.2CVSS
7.1AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
OpenBSD OpenSSH <= 9.6 Authentication Bypass Vulnerability
OpenBSD OpenSSH is prone to an authentication bypass ...
7CVSS
7AI Score
0.001EPSS
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
7.5CVSS
6.9AI Score
0.001EPSS
About the security content of visionOS 1.1
About the security content of visionOS 1.1 This document describes the security content of visionOS 1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.8CVSS
9.2AI Score
0.002EPSS
A Close Up Look at the Consumer Data Broker Radaris
If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...
6.6AI Score
K000138643 : OpenSSH vulnerability CVE-2023-51767
Security Advisory Description OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat....
7CVSS
6.7AI Score
0.001EPSS
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...
9CVSS
9AI Score
0.005EPSS
Cross-site Scripting in org.owasp.esapi:esapi
Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...
6.1CVSS
1.1AI Score
0.002EPSS
JVN#52919306: Toyoko Inn official App vulnerable to improper server certificate verification
Toyoko Inn official App provided by Toyoko Inn IT Solution Co., Ltd. is vulnerable to improper server certificate verification (CWE-295). ## Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. ## Solution Update the application Update the application....
6.5AI Score
0.0004EPSS
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...
7.7AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An unauthorized access vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. and can be exploited by an attacker to...
7AI Score
7.5CVSS
7.8AI Score
0.006EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
7AI Score
0.0004EPSS
Path traversal in the OWASP Enterprise Security API
Impact The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire....
9.8CVSS
0.5AI Score
0.003EPSS
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.4CVSS
8.8AI Score
0.028EPSS
Dongguan Tongtianxing Software Technology Co., Ltd. is a video security service provider. Dongguan Tongtianxing Software Technology Co., Ltd. active security monitoring cloud platform has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive...
6.9AI Score
7.5CVSS
7.4AI Score
0.006EPSS
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password...
7.5CVSS
7.4AI Score
0.006EPSS
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks
The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by.....
7.1AI Score
JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188), it does not perform an authorization check when...
6.8AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
The NBR6205-E is a router product. A command execution vulnerability exists in the NBR6205-E of Beijing StarNet Ruijie Network Technology Co. that can be exploited by an attacker to gain server...
7.4AI Score
Graylog session fixation vulnerability through cookie injection
Impact Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...
5.7CVSS
6.7AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
FinalWire Ltd. AIDA64 Detection (Windows SMB Login)
Detects the installed version of FinalWire Ltd. AIDA64 for...
7.4AI Score
Cyberbotics Ltd. Webots Detection (Windows SMB Login)
Detects the installed version of Cyberbotics Ltd. Webots for...
7.4AI Score
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.1AI Score
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0),...
10CVSS
9.9AI Score
0.133EPSS
Graylog session fixation vulnerability through cookie injection
Impact Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...
5.7CVSS
6.5AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
7.8CVSS
7.2AI Score
EPSS
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
EPSS
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them
Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...
7.3AI Score
About the security content of tvOS 17.4
About the security content of tvOS 17.4 This document describes the security content of tvOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
7.8CVSS
8.9AI Score
0.002EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
8AI Score
IOServer Pty Ltd. OPC Server Detection (Windows SMB Login)
Detects the installed version of IOServer Pty Ltd. IOServer OPC Server for...
7.4AI Score
FakeBat delivered via several active malvertising campaigns
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is.....
7.8AI Score
About the security content of watchOS 10.4
About the security content of watchOS 10.4 This document describes the security content of watchOS 10.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.8CVSS
8.8AI Score
0.002EPSS
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads.....
8.8CVSS
7.4AI Score
0.001EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report...
7.1AI Score
Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co.
The EG3210 is a router product from Beijing StarNet Ruijie Network Technology Co. A command execution vulnerability exists in the Beijing StarNet Ruijie Network Technology Co., Ltd EG3210, which can be exploited by an attacker to gain control of a...
7.5AI Score
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying...
8.4AI Score
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- |...
8.8CVSS
8.9AI Score
EPSS
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP...
8CVSS
7.1AI Score
0.001EPSS
Dongguan Tongtianxing Software Technology Co., Ltd. is a video security service provider. Dongguan Tongtianxing Software Technology Co., Ltd. active security monitoring cloud platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...
7.6AI Score