Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...
7.4AI Score
0.0004EPSS
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP,...
7.4AI Score
0.0004EPSS
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,.....
7.6AI Score
0.0004EPSS
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N,...
7.5AI Score
0.0004EPSS
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,.....
7.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: perl-Data-UUID-1.227-1.fc40
This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 1 28 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...
5.5AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-3da8ed5be3)
The remote host is missing an update for...
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-08bb549a36)
The remote host is missing an update for...
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-a58a7e2388)
The remote host is missing an update for...
5.6AI Score
0.0004EPSS
Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
I made a report at https://hackerone.com/reports/1187477 https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/ An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file,.....
8.1AI Score
Internet Bug Bounty: Usage of disabled protocol in curl
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been.....
7.1AI Score
0.0004EPSS
Internet Bug Bounty: CVE-2024-2379: QUIC certificate check bypass with wolfSSL
See https://hackerone.com/reports/2410774 or https://curl.se/docs/CVE-2024-2379.html Impact See https://hackerone.com/reports/2410774 or...
6.7AI Score
0.0004EPSS
Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system. For more information about these...
7.3AI Score
0.0004EPSS
(RHSA-2024:1536) Moderate: Satellite 6.14.3 Async Security Update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
7.3AI Score
0.052EPSS
Security Vulnerability in Saflok’s RFID-Based Keycard Locks
It's pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of.....
7.7AI Score
Internet Bug Bounty: CVE-2024-2466: TLS certificate check bypass with mbedTLS (reward request)
For reward request. Please refer to this report issue from curl: https://hackerone.com/reports/2416725 And already published at here: https://curl.se/docs/CVE-2024-2466.html Impact Reference from...
7AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.8AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.8AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
7.3AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.5AI Score
0.0004EPSS
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on...
6.3AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: w3m-0.5.3-63.git20230121.fc38
The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from.....
7.6AI Score
0.002EPSS
[SECURITY] Fedora 39 Update: w3m-0.5.3-63.git20230121.fc39
The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from.....
7.6AI Score
0.002EPSS
Fedora: Security Advisory for w3m (FEDORA-2024-38c2261ca0)
The remote host is missing an update for...
6.5AI Score
0.002EPSS
Fedora: Security Advisory for w3m (FEDORA-2024-3fc66f8bf3)
The remote host is missing an update for...
6.5AI Score
0.002EPSS
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on...
6.2AI Score
0.0004EPSS
Internet Bug Bounty: Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Summary: The permission model implementation does not process wildcards in the paths given via --allow-fs-read or --allow-fs-write correctly and may incorrectly grant access to paths that should be inaccessible. Description: There are two separate issues here: The implementation silently ignores...
7.2AI Score
0.0004EPSS
Internet Bug Bounty: Path traversal by monkey-patching Buffer internals
Summary: In Node.js 20 and Node.js 21, the permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve().....
7AI Score
0.001EPSS
Meeting FISMA (M-24-04) Requirements with a Unified Attack Surface Management Strategy
At the end of 2023, the Office of Management and Budget (OMB) released the FY24 FISMA Guidance (M-24-04) with a broad focus on securing the entire attack surface and specific action items for agencies pertaining to High Value Assets, IoT/OT devices, and internet-connected assets. In reference to...
7AI Score
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng...
7.4AI Score
Rockwell Automation FactoryTalk View ME
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or...
7.2AI Score
0.0004EPSS
Automation-Direct C-MORE EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-MORE EA9 HMI Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...
8.2AI Score
0.0004EPSS
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
7.8AI Score
0.0004EPSS
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
7.4AI Score
0.0004EPSS
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer...
7.1AI Score
Ivanti Cloud Services Appliance exec cookie command injection
Added: 03/26/2024 Background Ivanti Cloud Services Appliance (CSA) is an appliance that connects the console and managed devices over the Internet. Problem Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject...
7.8AI Score
Security Advisory Description CVE-2011-1176 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which...
8.6AI Score
0.018EPSS
This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the...
7.6AI Score
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...
10CVSS
10AI Score
0.972EPSS
3 important lessons from a devastating ransomware attack
In October 2023, The British Library was attacked by the Rhysida ransomware gang in a devastating cyberattack. The library, a vast repository of over 170 million items, is still deep in the recovery process, but recently released an eighteen page cyber incident review describing the attack, its...
7.2AI Score
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...
6.2AI Score
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a...
7.5AI Score
0.0004EPSS
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system...
7.5AI Score
0.0004EPSS
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary...
7.8AI Score
0.0004EPSS
Fedora: Security Advisory for libreswan (FEDORA-2024-92f0c71a01)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
JVN#13113728: "EasyRange" may insecurely load executable files
"EasyRange" <http://sira.jp/soft/> provided by sira.jp (according to the original report submitted by the reporter) is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loadin...
7.4AI Score
0.0004EPSS
Fedora: Security Advisory for w3m (FEDORA-2024-aeb75f8b5b)
The remote host is missing an update for...
6.5AI Score
0.002EPSS
Fedora: Security Advisory for libreswan (FEDORA-2024-1439ec2069)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Fedora: Security Advisory for libreswan (FEDORA-2024-312a5ed3d5)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
German Police Seize 'Nemesis Market' in Major International Darknet Raid
German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated...
7.2AI Score