RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1627)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1627 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service...
7.5CVSS
7.5AI Score
0.964EPSS
RHEL 7 : openstack-neutron (RHSA-2018:3792)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3792 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main...
6.5CVSS
6.4AI Score
0.003EPSS
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this...
7.5CVSS
6.9AI Score
0.0004EPSS
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...
7.5CVSS
6.9AI Score
0.0004EPSS
CVE-2024-3052 Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...
7.5CVSS
7AI Score
0.0004EPSS
CVE-2024-3052 Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...
7.5CVSS
7.8AI Score
0.0004EPSS
CVE-2024-3051 Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this...
7.5CVSS
7.8AI Score
0.0004EPSS
CSAF - Cyber Security Awareness Framework
The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...
7.5AI Score
CentOS 9 : openssl-3.0.7-18.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-18.el9 build changelog. Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function...
9.8CVSS
8.6AI Score
0.116EPSS
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset...
7.1AI Score
0.0004EPSS
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset...
6.8AI Score
0.0004EPSS
The private sector probably isn’t coming to save the NVD
I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability that's disclosed and/or patched is now so far...
7.3AI Score
0.001EPSS
Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,.....
7.4AI Score
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missing...
7.5CVSS
7.8AI Score
0.003EPSS
Mitsubishi Electric MELSEC Series CPU Module (Update D)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
10CVSS
8.2AI Score
0.008EPSS
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal,...
9.1CVSS
8.6AI Score
0.001EPSS
Rockwell Automation 5015-AENFTXT (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the...
7.5CVSS
7.6AI Score
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 - Exploit Scanners Introduction This...
10CVSS
9.7AI Score
0.966EPSS
K000139405 : MySQL vulnerability CVE-2023-21950
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
4.9CVSS
6.2AI Score
0.0004EPSS
An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset...
7AI Score
0.0004EPSS
Wazuh Active Response Module Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of IP address arguments. The issue results from the lack of proper validation of JSON...
8.8CVSS
7.5AI Score
0.001EPSS
Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are....
5.8CVSS
6.9AI Score
0.01EPSS
NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored xss. An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session. With this access, it is then possible to run a new payload.....
6.2AI Score
0.002EPSS
CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The webapp contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The webapp also...
6.8AI Score
0.0004EPSS
Executes a TDS7 pre-login request against the MSSQL instance to query for version...
7.3AI Score
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE ...
9.8CVSS
10AI Score
0.97EPSS
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...
8.3AI Score
0.942EPSS
Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-34055 DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC...
9.8CVSS
10AI Score
0.012EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...
10CVSS
7.4AI Score
0.957EPSS
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software.....
7.6AI Score
RHEL 6 : openstack-neutron (RHSA-2014:1339)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1339 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its...
6.3AI Score
0.005EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040-RCE-POC CVE-2024-4040 (CrushFTP VFS escape) or...
10CVSS
9.9AI Score
0.966EPSS
Google ad for Facebook redirects to scam
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brands....
6.9AI Score
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across...
10CVSS
10AI Score
0.966EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in...
7.7AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in...
7.7AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in...
7.7AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in...
7.7AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in...
7.4AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in...
7.7AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in...
7.7AI Score
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains...
10CVSS
9.5AI Score
0.966EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in...
7.6AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in...
7.6AI Score
0.0004EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in...
7.6AI Score
0.0004EPSS