The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-07 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been...
7.8AI Score
0.0004EPSS
Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities
Talos Vulnerability Report TALOS-2024-1931 Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities February 20, 2024 CVE Number CVE-2024-24793,CVE-2024-24794 SUMMARY A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in...
8.1CVSS
8.3AI Score
0.001EPSS
The version of Firefox ESR installed on the remote Windows host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
10AI Score
0.0004EPSS
Security Advisory 0091 _._CSAF PDF Date: February 20, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 20, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-6068 CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) Common Weakness Enumeration: CWE-283 Improper...
3.1CVSS
3.7AI Score
0.0004EPSS
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been...
10AI Score
0.0004EPSS
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of...
9.8CVSS
9.6AI Score
0.074EPSS
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 A PHP External Variable Modification...
9.8CVSS
7.3AI Score
0.966EPSS
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
6.8AI Score
0.0004EPSS
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
7AI Score
0.0004EPSS
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
7.4AI Score
0.0004EPSS
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
7AI Score
0.0004EPSS
Summary Vulnerabilitiy in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24998). Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...
7.5CVSS
7.5AI Score
0.034EPSS
Summary This security bulletin addresses the vulnerabilitiy in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998) Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat...
7.5CVSS
7.6AI Score
0.034EPSS
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...
9.8CVSS
9.8AI Score
0.902EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.9AI Score
EPSS
Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F/iQ-R Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
5.3CVSS
5.3AI Score
0.001EPSS
This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...
7.2AI Score
How ransomware changed in 2023
In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. The gang's novel approach challenged a bottleneck that makes it....
7.2AI Score
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.7AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.6AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.2AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.4AI Score
0.0004EPSS
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.9AI Score
0.0004EPSS
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 This script provides an automated Proof of...
9.8CVSS
7.6AI Score
0.966EPSS
RansomHouse am See By Pham Duy Phuc, Max Kersten in collaboration with Noël Keijzer and Michaël Schrijver from Northwave · February 14, 2024 Ransom gangs make big bucks by extorting victims, which sadly isn’t new. Their lucrative business allows them not only to live off the stolen money, but also....
8AI Score
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.074EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
6.7AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review
The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for February 2024 Microsoft Patch Tuesday's February 2024 edition addressed 79 vulnerabilities,...
9.8CVSS
10AI Score
0.074EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.2AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.2AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
7AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.4AI Score
0.0004EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14300)
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.8AI Score
0.005EPSS
RICOH SP C250 Series Use of Hard-coded Credentials (CVE-2019-14309)
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. This plugin only works with Tenable.ot. Please visit...
7.5CVSS
7.6AI Score
0.002EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14308)
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.7AI Score
0.005EPSS
Unbreakable Enterprise kernel security update
[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...
9.8CVSS
7.4AI Score
0.001EPSS
RICOH SP C250 Series Authentication Method Vulnerable to Brute Force Attacks (CVE-2019-14299)
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. This plugin only works with Tenable.ot. Please visit...
9.8CVSS
9.4AI Score
0.002EPSS
Canon Printers Multiple Vulnerabilities (CP2024-001)
Multiple vulnerabilities have been identified for certain Canon Small Office Multifunction Printers and Laser...
9.8CVSS
7.4AI Score
0.001EPSS
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...
7.3AI Score
0.0004EPSS
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election By Anne An · February 13, 2024 Preface Cybersecurity has become an integral part of election security. Nation-state actors and other politically motivated groups are likely to try to...
6.7AI Score
RICOH SP C250 Series Buffer Overflow (CVE-2019-14305)
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the...
9.8CVSS
9.8AI Score
0.005EPSS
RICOH SP C250 Series Buffer Overflow (CVE-2019-14307)
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...
9.8CVSS
9.8AI Score
0.005EPSS
RICOH SP C250 Series Denial of Service (CVE-2019-14303)
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.5CVSS
7.6AI Score
0.001EPSS
RICOH Multiple Products Stack Buffer Overflow (CVE-2021-33945)
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This...
9.8CVSS
9.7AI Score
0.002EPSS
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
8AI Score
EPSS
AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication
Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...
7AI Score
0.0004EPSS
RICOH SP C250 Series Denial of Service (CVE-2019-14310)
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets This plugin only works with...
9.8CVSS
9.5AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...
9.8CVSS
10AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:...
9.8CVSS
9.5AI Score
0.001EPSS