EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities
The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and.....
7.2AI Score
EuroTel ETL3100 Transmitter Default Credentials Vulnerability
EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks, letting an attacker gain full control of the...
7.4AI Score
EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Title: EuroTel ETL3100 Transmitter Authorization Bypass (IDOR) Advisory ID: ZSL-2023-5783 Type: Local/Remote Impact: Privilege Escalation, Security Bypass Risk: (4/5) Release Date: 09.08.2023 Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter...
9.8CVSS
9.6AI Score
0.001EPSS
7.1AI Score
EuroTel ETL3100 Transmitter Information Disclosure Vulnerability
The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system...
7.4AI Score
EuroTel ETL3100 Transmitter Default Credentials
Title: EuroTel ETL3100 Transmitter Default Credentials Advisory ID: ZSL-2023-5782 Type: Local/Remote Impact: System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (4/5) Release Date: 09.08.2023 Summary RF Technology For Television Broadcasting Applications. The...
9.8CVSS
9.6AI Score
0.001EPSS
7.1AI Score
EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability
Title: EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability Advisory ID: ZSL-2023-5784 Type: Local/Remote Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information, System Access, DoS, Privilege Escalation Risk: (5/5) Release Date:.....
9.8CVSS
9.4AI Score
0.001EPSS
H2 Web Interface Create Alias RCE
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...
7.4AI Score
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8CVSS
9.6AI Score
0.001EPSS
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...
5.5CVSS
6.7AI Score
0.001EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8CVSS
9.5AI Score
0.001EPSS
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...
6.8CVSS
6.7AI Score
0.001EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...
4.7CVSS
6.6AI Score
0.0004EPSS
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...
7.8CVSS
7.7AI Score
0.0004EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8CVSS
9.5AI Score
0.001EPSS
CVE-2023-20586 Radeon™ Software Crimson ReLive Edition
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any...
9.8AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Intel® Unison™ Software Advisory
Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access...
6.8AI Score
0.001EPSS
Intel® RealSense™ SDK Advisory
Summary: A potential security vulnerability in some Intel® RealSense™ Software Development Kits (SDKs) may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32663 Description: Incorrect default...
7.3AI Score
0.0004EPSS
SMM Memory Corruption Vulnerability
Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...
7.8CVSS
8.2AI Score
0.0004EPSS
AMD® Ryzen Master™ SDK February 2023 Security Update
AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7AI Score
0.0004EPSS
Intel® RST Software Installer Advisory
Summary: A potential security vulnerability in some Intel® Rapid Storage Technology (RST) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-43456 Description: Uncontrolled search path in.....
7.2AI Score
0.0004EPSS
Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37343.....
7.9AI Score
0.0004EPSS
Bulletin ID: AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity: High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...
6.8CVSS
8AI Score
0.001EPSS
Return Address Security Bulletin
Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to.....
4.7CVSS
6.8AI Score
0.0004EPSS
Bulletin ID: AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity: High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which makes.....
7.5CVSS
7.5AI Score
0.116EPSS
Intel® RealSense™ ID Software Advisory
Summary: Potential security vulnerabilities in some Intel® RealSense™ ID software for Intel® RealSense™ 450 Face Authentication (FA) may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities......
7.7AI Score
0.0004EPSS
Intel® PROSet/Wireless WiFi and Killer™ WiFi Advisory
Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...
7.5AI Score
0.0005EPSS
Intel® oneAPI Toolkit and Component Software Installers Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-27391 Description: Improper...
7.4AI Score
0.0004EPSS
Intel® PROSet/Wireless WiFi and Killer™ WiFi August 2023 Security Update
Intel has informed HP of potential vulnerabilities identified in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products, which might allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has...
8.2CVSS
7.3AI Score
0.0005EPSS
Intel® Distribution of OpenVINO™ Toolkit Advisory
Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28405 Description: Uncontrolled search path in the...
7.2AI Score
0.0004EPSS
Speculative Leaks Security Notice
Bulletin ID: AMD-SB-7007 Potential Impact: Loss of Confidentiality Severity: Low Summary External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data. CVE Details Refer to Glossary for explanation of terms CVE| Severity| CVE Description...
5.5CVSS
6.6AI Score
0.001EPSS
Radeon™ Software Crimson ReLive Edition
Bulletin ID: AMD-SB-6007 Potential Impact: Escalation of Privilege Severity: High Summary Radeon™ Software Crimson ReLive Edition is an advanced graphics software designed for enabling high-performance gaming and engaging VR experiences. A potential vulnerability was reported in Radeon™ Software...
9.8CVSS
7.2AI Score
0.001EPSS
Bulletin ID: AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...
7.8CVSS
6.9AI Score
0.0004EPSS
AMD Ryzen™ Master Security Bulletin
Bulletin ID: AMD-SB-7004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in...
6.7CVSS
5.7AI Score
0.0004EPSS
Summary A remote code execution vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a...
9.8CVSS
9.4AI Score
0.003EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional. This product has addressed the applicable CVE. If.....
9.8CVSS
7.2AI Score
0.003EPSS
2023 OWASP Top-10 Series: API2:2023 Broken Authentication
Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API2:2023 Broken Authentication. In this series we are taking an in-depth look at each category – the details, the impact and what....
7.1AI Score
Summary IBM® Db2® has multiple denial of service vulnerabilities with a specially crafted query Vulnerability Details CVEID: CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially...
7.5CVSS
7.4AI Score
EPSS
Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates
Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World.....
6.7AI Score
Security Bulletin - Omniverse Launcher - August 2023
NVIDIA has released a software update for the Omniverse Workstation Launcher to address a security issue that may lead to information disclosure. To protect your system, download and apply the update for the Omniverse platform that you are using. If you are using the licensed NVIDIA Omniverse...
5.3CVSS
6.4AI Score
0.0005EPSS
Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs
Introduction In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the dangers posed by Insecure Direct Object Reference (IDOR) vulnerabilities, now commonly referred to as BOLA.....
7.1AI Score
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers. During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141...
10CVSS
10.1AI Score
0.429EPSS
This is a generic module which can manipulate Python Flask-based application cookies. The Retrieve action will connect to a web server, grab the cookie, and decode it. The Resign action will do the same as above, but after decoding it, it will replace the contents with that in NEWCOOKIECONTENT,...
6.9AI Score
Security Bulletin: CVE-2022-40609 affects IBM® SDK, Java™ Technology Edition
Summary CVE-2022-40609 affects the Object Request Broker (ORB) in IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition could allow a remote attacker to execute...
9.8CVSS
7.1AI Score
0.003EPSS
windowz2-bleed A zenbleed (CVE-2023-20593) POC for windows...
5.5CVSS
7.2AI Score
0.001EPSS
Software based Power Side Channel on AMD CPUs
Bulletin ID: AMD-SB-7006 Potential Impact: Information disclosure Severity: Low Summary A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’. CVE Details Refer to Glossary for explanation of...
4.7CVSS
6.9AI Score
0.0004EPSS