Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.2AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.4AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.9AI Score
0.0004EPSS
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 This script provides an automated Proof of...
9.8CVSS
7.6AI Score
0.966EPSS
RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....
8AI Score
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.074EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review
The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for February 2024 Microsoft Patch Tuesday's February 2024 edition addressed 79 vulnerabilities,...
9.8CVSS
10AI Score
0.074EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.2AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.2AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
7AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.4AI Score
0.0004EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14300)
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.8AI Score
0.005EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14308)
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.7AI Score
0.005EPSS
RICOH SP C250 Series Use of Hard-coded Credentials (CVE-2019-14309)
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. This plugin only works with Tenable.ot. Please visit...
7.5CVSS
7.6AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8CVSS
7.4AI Score
0.001EPSS
RICOH SP C250 Series Authentication Method Vulnerable to Brute Force Attacks (CVE-2019-14299)
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. This plugin only works with Tenable.ot. Please visit...
9.8CVSS
9.4AI Score
0.002EPSS
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election By Anne An · February 13, 2024 Preface Cybersecurity has become an integral part of election security. Nation-state actors and other politically motivated groups are likely to try to...
6.7AI Score
RICOH SP C250 Series Denial of Service (CVE-2019-14303)
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.5CVSS
7.6AI Score
0.001EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14305)
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the...
9.8CVSS
9.8AI Score
0.005EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14307)
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.8AI Score
0.005EPSS
Canon Printers Multiple Vulnerabilities (CP2024-001)
Multiple vulnerabilities have been identified for certain Canon Small Office Multifunction Printers and Laser...
9.8CVSS
7.4AI Score
0.001EPSS
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...
7.3AI Score
0.0004EPSS
RICOH Multiple Products Stack Buffer Overflow (CVE-2021-33945)
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This...
9.8CVSS
9.7AI Score
0.002EPSS
RICOH SP C250 Series Denial of Service (CVE-2019-14310)
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets This plugin only works with...
9.8CVSS
9.5AI Score
0.002EPSS
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
8AI Score
EPSS
AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication
Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...
7AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
9.8CVSS
10AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
9.8CVSS
9.5AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,.....
7.8CVSS
7.5AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.6AI Score
0.0004EPSS
Mitsubishi MELSEC WS Ethernet Interface Modules Authentication Bypass (CVE-2023-6374)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote.....
7.5CVSS
7.8AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.0004EPSS
Cisco Expressway Series XSRF (cisco-sa-expressway-csrf-KnnZDMj3)
According to its self-reported version, Cisco Expressway Series is affected by multiple vulnerabilities. A vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery...
9.6CVSS
8.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1136)
The remote host is missing an update for the Huawei...
3.7CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Spyware isn’t going anywhere, and neither are its tactics
Private and public efforts to curb the use of spyware and activity of other "mercenary" groups have heated up over the past week, with the U.S. government taking additional action against spyware users and some of the world's largest tech companies calling out international governments to do more.....
8.8CVSS
6.8AI Score
0.961EPSS
eza Potential Heap Overflow Vulnerability for AArch64
Summary In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
7.5AI Score
0.0004EPSS
eza Potential Heap Overflow Vulnerability for AArch64
Summary In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
7.5AI Score
0.0004EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score:.....
10CVSS
9.6AI Score
0.001EPSS
EulerOS 2.0 SP5 : curl (EulerOS-SA-2024-1136)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met....
3.7CVSS
8AI Score
0.001EPSS
Apple Security Update: watchOS 10.3.1
Apple recommends to install security update watchOS 10.3.1 on devices Apple Watch Series 4 and...
7AI Score
Dell Client BIOS DoS (DSA-2023-176)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a denial of service vulnerability. Due to a signed to unsigned conversion error, a local attacker with administrator privileges can cause a denial of service condition on an affected device. Note that...
6.7CVSS
4.8AI Score
0.0004EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
9.6CVSS
9.2AI Score
0.001EPSS
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
8.2CVSS
7.6AI Score
0.001EPSS
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
7.1CVSS
8.3AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
8.8CVSS
9.7AI Score
0.001EPSS