XCSSET Quickly Adapts to macOS 11 and M1-based Macs
This latest update details our new research on XCSSET, including the ways in which it has adapted itself to work on both ARM64 and x86_x64...
AI Score: 2
Unbreakable Enterprise kernel security update
[4.14.35-2047.500.9.1] - xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930} - xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931} - xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug:...
CVSS: 8.8 | AI Score: 0.1 | EPSS: 0.004
Unbreakable Enterprise kernel security update
[4.14.35-2025.405.3] - Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280] [4.14.35-2025.405.2] - nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350995] [4.14.35-2025.405.1] - net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug:...
CVSS: 8.1 | AI Score: 0.1 | EPSS: 0.004
Unbreakable Enterprise kernel-container security update
[4.14.35-2025.405.3.el7] - Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280] [4.14.35-2025.405.2.el7] - nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350995] [4.14.35-2025.405.1.el7] - net/rds: Fix gfp_t parameter (Hans...
CVSS: 8.1 | AI Score: 0.1 | EPSS: 0.004
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. While Hildegard, first detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the...
Citrix SD-WAN Bugs Allow Remote Code Execution
Three security bugs in the Citrix software-defined (SD)-WAN platform would allow remote code-execution and network takeover, according to researchers. The flaws affect the Citrix SD-WAN Center (in versions before 11.2.2, 11.1.2b and 10.2.8). They consist of an unauthenticated path traversal and...
AI Score: 1.4 | EPSS: 0.006
Silver Peak SD-WAN Bugs Allow for Network Takeover
Silver Peak’s Unity Orchestrator, a software-defined WAN (SD-WAN) management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...
AI Score: 0.2 | EPSS: 0.005
Citrix SDWAN Center Security Update
Description of Problem Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. These vulnerabilities have the following identifiers: CVE|...
CVSS: 9.8 | AI Score: 1.5 | EPSS: 0.006
APT Groups Finding Success with Mix of Old and New Tools
Advanced persistent threat (APT) groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. That’s according to Kaspersky’s most recent APT trends report for Q3 2020, which found...
AI Score: -0.4
ariel-vac.com Cross Site Scripting vulnerability OBB-1422257
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
AI Score: -0.1
ariel-vac.com Cross Site Scripting vulnerability OBB-1412164
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
AI Score: -0.1
ariel-vac.com Cross Site Scripting vulnerability OBB-1401906
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....
AI Score: -0.1
HackerOne: Graphql: Sorting the reports by jira_status field resulted in a different value
Summary: Sorting the reports by jira_status yields a different result, revealing that the team is using Jira even though the user has no access. Description: A user with no access to the Jira information of any report can somehow access the jira field using order_by through jira_status. Using the 2 graphql below...
AI Score: -0.1
Parallels RAS OS Command Execution
Advisory Information Title: Parallels RAS OS Command Execution Advisory ID: CORE-2020-0011 Advisory URL: https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution Date published: 2020-07-23 Date of last update: 2020-07-21 Vendors contacted: Parallels Release mode:...
CVSS: 9.9 | AI Score: -0.1 | EPSS: 0.018
IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
Overview IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. Both ServeRAID Manager and Java...
AI Score: 9.4 | EPSS: 0.459
Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
A pair of bugs in the Kubernetes open-source cloud container software can be “highly dangerous” under some Kubernetes configurations, according to researchers. The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2. Exploitation of the first...
AI Score: -0.6 | EPSS: 0.335
Unbreakable Enterprise kernel security update
[4.14.35-1902.4.8] - x86/boot: Clear RSDP address in boot_params for broken loaders (Juergen Gross) [Orabug: 30111373] [4.14.35-1902.4.7] - rds: ib: Qualify CM REQ duplicate detection with connection being up (Hakon Bugge) [Orabug: 30062149] - rds: Further prioritize local loop-back connections...
CVSS: 7.8 | EPSS: 0.008
TikTok Scammers Cash In On Adult Dating, Impersonation Tricks
As social media platform TikTok becomes the top App Store download in 2019 – and the number three app download on Google Play and on platforms overall – scammers are looking to cash in on the troves of younger users of the popular platform. Tenable researcher Satnam Narang, who has been tracking...
AI Score: -0.8
Unbreakable Enterprise kernel security update
[4.14.35-1902.3.1] - x86/platform/UV: Mark tsc_check_sync as an init function ([email protected]) [Orabug: 29701029] - mm, page_alloc: check for max order in hot path (Michal Hocko) [Orabug: 29924411] - net/mlx5: FW tracer, Enable tracing (Feras Daoud) [Orabug: 29717200] - net/mlx5: FW...
CVSS: 6.7 | AI Score: -0.5 | EPSS: 0.001
Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins
Abstract A list of the installation instructions, new features, and resolved issues list for the release of IBM Security QRadar 7.2.8 Patch 4 (7.2.8.20170224202650). Content Known issue identified IMPORTANT: A known issue has been identified in QRadar 7.2.8 Patch 4 where QFlow Collector...
CVSS: 8.8 | AI Score: 0.6 | EPSS: 0.948
Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency
The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC). Yes, infinite… like a never-ending source of money. ...
AI Score: -0.3
At CES, Focus is On ‘Cool Factor’ Not IoT Security
With the Consumer Electronics Show (CES) afoot this week, headlines are crammed with the offbeat connected products from the show – including everything from a smart belt all the way down to a connected toilet. But one important topic seems to be missing from the troves of CES news (and even from...
AI Score: 0.4
ariel-cyber.co.il XSS vulnerability
Open Bug Bounty ID: OBB-713534. Affected Website: ariel-cyber.co.il. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: [hidden until disclosure]. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: ...
AI Score: 0.1
SNDBOX: AI-Powered Online Automated Malware Analysis Platform
Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...
AI Score: -0.5
ariel-cyber.co.il XSS vulnerability
Open Bug Bounty ID: OBB-681961. Affected Website: ariel-cyber.co.il. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Open Bug Bounty ID: OBB-658647. Affected Website: 2games.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
AI Score: 1.1
ariel-books.com XSS vulnerability
Open Bug Bounty ID: OBB-649482. Affected Website: ariel-books.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext
For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered Monday by the same team of security researchers, the newly discovered...
CVSS: 6.1 | AI Score: 1.2 | EPSS: 0.002
Remediation TL;DR: If you’re a concerned Signal user, please update to the latest version of Signal Desktop (fixed in version v1.11.0), which addresses all of these issues. Note that the mobile apps for Signal were not affected by this issue. Background Information: If you’re an avid follower of all...
CVSS: 6.1 | AI Score: -0.1 | EPSS: 0.002
Hackers Reveal How Code Injection Attack Works in Signal Messaging App
After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a...
AI Score: 0.9
Timely Password-Change Call from Twitter, as Bugs Hit WebEx and GPON routers
The cyber security news cycle is always active, so to help you stay in the loop here’s a selection of incidents that caught our attention over the past week or so involving, among others, Twitter, Cisco and GPON routers. Twitter picks a good day for password-change call As “change your password”...
AI Score: -0.5 | EPSS: 0.974
Millions of Home Fiber Routers Vulnerable to Complete Takeover
UPDATE Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full...
EPSS: 0.974
USN-3532-1: GDK-PixBuf vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS....
CVSS: 8.8 | AI Score: 2.1 | EPSS: 0.006
Releases: Ubuntu 17.10, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: gdk-pixbuf - GDK Pixbuf library. Details: It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04...
CVSS: 7.1 | AI Score: 7.6 | EPSS: 0.006
Updated gdk-pixbuf2.0 packages fix security vulnerability
JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (CVE-2017-2862). tiff_image_parse Code Execution Vulnerability (CVE-2017-2870). Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If a user or automated system...
CVSS: 7.8 | AI Score: 2.7 | EPSS: 0.016
Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities
More than 20 of the most popular mobile trading applications used by consumers and day-traders for securities transactions contain glaring vulnerabilities that could allow attackers to sniff personal data or steal money from accounts. Researchers from IOActive today published a report describing...
AI Score: -0.4
USN-3418-1: GDK-PixBuf vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If a user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could...
CVSS: 7.8 | AI Score: 8.3 | EPSS: 0.016
Releases: Ubuntu 17.04, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: gdk-pixbuf - GDK Pixbuf library. Details: It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If a user or automated system were tricked into opening a specially crafted jpeg file, a remote...
CVSS: 7.8 | AI Score: 8 | EPSS: 0.016
When Looking for SWIFT Audit Guidelines, Beware of the Customer Security Controls Framework
...
AI Score: 2.4
Unbreakable Enterprise kernel security update
kernel-uek [4.1.12-103.3.8] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365} [4.1.12-103.3.7] - i40e/i40evf: check for stopped admin queue (Mitch Williams) [Orabug: 26654222] [4.1.12-103.3.6] - xen: fix bio vec merging (Roger Pau...
CVSS: 9.8 | AI Score: -0.2 | EPSS: 0.905
arielbath.com XSS vulnerability
Vulnerable URL: http://www.arielbath.com/products/Ariel-by-Seacliff-Bayhill-42%22-Single%252dSink-Bathroom-Vanity-Set.html#!prettyPhoto/0,%3Ca%20onclick=%22alert(%27OPENBUGBOUNTY%27);%22%3E/ Details: Patched: No. Latest check for patch: 20.11.2017. Vulnerability type: ...
AI Score: 6.3
Medium Alert ID: 52522 First Published: 2017 February 2 14:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID27586) may contain the following...
AI Score: 0.3
ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
Overview On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint by causing the SecureConnector agent to execute arbitrary code. Description On Windows endpoints, the...
CVSS: 7.8 | AI Score: 0.5 | EPSS: 0.0004