kernel security, bug fix, and enhancement update
[5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...
9.8CVSS
7.5AI Score
0.003EPSS
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...
7CVSS
6.9AI Score
0.001EPSS
Cross-site Scripting in org.owasp.esapi:esapi
Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...
6.1CVSS
1.1AI Score
0.002EPSS
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
7.5CVSS
6.9AI Score
0.001EPSS
K000138643 : OpenSSH vulnerability CVE-2023-51767
Security Advisory Description OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat....
7CVSS
6.7AI Score
0.001EPSS
JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188), it does not perform an authorization check when...
6.8AI Score
0.0004EPSS
Path traversal in the OWASP Enterprise Security API
Impact The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire....
9.8CVSS
0.5AI Score
0.003EPSS
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...
7.7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP...
8CVSS
7.1AI Score
0.001EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.4CVSS
7AI Score
0.0004EPSS
Softing edgeConnector Siemens Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeConnector Siemens. Authentication is required to exploit this vulnerability. In the case of a network-adjacent attacker, the existing authentication mechanism can be bypassed. The specific....
7.2CVSS
7.9AI Score
0.031EPSS
Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An unauthorized access vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd. and can be exploited by an attacker to...
7AI Score
FakeBat delivered via several active malvertising campaigns
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is.....
7.8AI Score
Apache Log4j allows insecure JNDI lookups
Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description The....
10CVSS
10AI Score
EPSS
A Close Up Look at the Consumer Data Broker Radaris
If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...
6.6AI Score
About the security content of tvOS 17.4
About the security content of tvOS 17.4 This document describes the security content of tvOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
7.8CVSS
8.9AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...
7.2AI Score
0.0004EPSS
Dongguan Tongtianxing Software Technology Co., Ltd. is a video security service provider. Dongguan Tongtianxing Software Technology Co., Ltd. active security monitoring cloud platform has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive...
6.9AI Score
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....
7.5CVSS
7.7AI Score
0.005EPSS
7.5CVSS
7.8AI Score
0.007EPSS
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...
7AI Score
About the security content of watchOS 10.4
About the security content of watchOS 10.4 This document describes the security content of watchOS 10.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.8CVSS
8.8AI Score
0.002EPSS
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password...
7.5CVSS
7.4AI Score
0.007EPSS
7.5CVSS
7.4AI Score
0.007EPSS
Graylog session fixation vulnerability through cookie injection
Impact Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...
5.7CVSS
6.7AI Score
0.001EPSS
The NBR6205-E is a router product. A command execution vulnerability exists in the NBR6205-E of Beijing StarNet Ruijie Network Technology Co. that can be exploited by an attacker to gain server...
7.4AI Score
Graylog session fixation vulnerability through cookie injection
Impact Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...
5.7CVSS
6.5AI Score
0.001EPSS
FinalWire Ltd. AIDA64 Detection (Windows SMB Login)
Detects the installed version of FinalWire Ltd. AIDA64 for...
7.4AI Score
Cyberbotics Ltd. Webots Detection (Windows SMB Login)
Detects the installed version of Cyberbotics Ltd. Webots for...
7.4AI Score
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.1AI Score
JVN#54451757: Multiple vulnerabilities in SKYSEA Client View
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific folder (CWE-284) - CVE-2024-21805 Version| Vector| Score ---|---|--- CVSS v3|...
7.8AI Score
0.0004EPSS
Generative AI Security - Secure Your Business in a World Powered by LLMs
Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings....
6.9AI Score
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the /api/system/cluster_config/ endpoint. Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads.....
8.8CVSS
7.4AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.7AI Score
EPSS
Language Accessory Pack for Microsoft 365
Language Accessory Pack for Microsoft 365 Language packs add additional display, help, and proofing tools to Microsoft 365. You can install additional language accessory packs after installing Microsoft 365. If a language accessory pack is described as having partial localization, some parts of...
7AI Score
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- |...
8.8CVSS
8.9AI Score
EPSS
IOServer Pty Ltd. OPC Server Detection (Windows SMB Login)
Detects the installed version of IOServer Pty Ltd. IOServer OPC Server for...
7.4AI Score
Unbreakable Enterprise kernel security update
[5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove...
7.8CVSS
7.4AI Score
0.0004EPSS
Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console (the Admin Console), a web-based application, was found to...
8.6CVSS
7AI Score
0.974EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
8AI Score
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
**Between crossovers - Do threat actors play dirty or desperate? ** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....
6.8AI Score
Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co.
The EG3210 is a router product from Beijing StarNet Ruijie Network Technology Co. A command execution vulnerability exists in the Beijing StarNet Ruijie Network Technology Co., Ltd EG3210, which can be exploited by an attacker to gain control of a...
7.5AI Score
How to make a fake ID online, with Joseph Cox: Lock and Code S05E05
This week on the Lock and Code podcast… For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents. In 2024, that's changed, as the...
7.2AI Score
Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication (CWE-287) - CVE-2024-21824 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N|...
7.6AI Score
0.0004EPSS
Malicious input can provoke XSS when preserving comments
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....
6.1CVSS
6AI Score
0.0004EPSS
OWASP.AntiSamy mXSS when preserving comments
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a...
6.1CVSS
6.2AI Score
0.001EPSS
Dongguan Tongtianxing Software Technology Co., Ltd. is a video security service provider. Dongguan Tongtianxing Software Technology Co., Ltd. active security monitoring cloud platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...
7.6AI Score
Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a...
6.1CVSS
6AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS