[SECURITY] [DLA 3747-1] firefox-esr security update
Debian LTS Advisory DLA-3747-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.8.0esr-1~deb10u1 CVE...
Debian dla-3747 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
CentOS 9 : glibc-2.34-83.el9.7
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.7 build changelog. potential use-after-free in getaddrinfo (RHEL-2426) (CVE-2023-4806) buffer overflow in ld.so leading to privilege escalation (RHEL-3000)...
[4.18.0-513.18.0.2.el8_9] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - x86/sev: Check for user-space IOIO pointing to kernel space {CVE-2023-46813} - x86/sev: Check IOBM for...
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in.....
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an...
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path Vulnerabilities
Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the...
Tosibox Key Service 3.3.0 Local Privilege Escalation
Title: Tosibox Key Service 3.3.0 Local Privilege Escalation Advisory ID: ZSL-2024-5812 Type: Local Impact: Privilege Escalation Risk: (3/5) Release Date: 23.02.2024 Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes,...
[SECURITY] [DSA 5627-1] firefox-esr security update
Debian Security Advisory DSA-5627-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-1546 CVE-2024-1547...
Debian dsa-5627 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5627 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
Summary App Connect Professional has addressed the following vulnerability reported in Apache Tomcat. (CVE-2023-46589) Vulnerability Details ** CVEID: CVE-2023-46589 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By...
Siemens SCALANCE SC-600 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in October 2023; App Connect Professional has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 ...
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,.....
[5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML...
CentOS 8 : glibc (CESA-2023:5455)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa...
Exploring the (Not So) Secret Code of Black Hunt Ransomware
It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...
[SECURITY] [DLA 3727-1] firefox-esr security update
Debian LTS Advisory DLA-3727-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 31, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.7.0esr-1~deb10u1 CVE...
Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs
IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectrum....
Debian dla-3727 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3727 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...
[SECURITY] [DLA 3720-1] thunderbird security update
Debian LTS Advisory DLA-3720-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 25, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.7.0-1~deb10u1 CVE...
[SECURITY] [DSA 5606-1] firefox-esr security update
Debian Security Advisory DSA-5606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-0741 CVE-2024-0742...
Security Testing: Types, Tools, and Best Practices
Opening Note: Understanding the Core Concepts of Security Analysis Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve.....
Debian dsa-5606 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5606 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers...
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
Siemens SCALANCE Use of Weak Hash (CVE-2023-44319)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
Siemens SCALANCE Use of Hard-coded Cryptographic Key (CVE-2023-44318)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...