Unbreakable Enterprise kernel-container security update
[5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c:....
9.8CVSS
9.6AI Score
0.001EPSS
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,.....
7.8CVSS
7.5AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.6AI Score
0.0004EPSS
Mitsubishi MELSEC WS Ethernet Interface Modules Authentication Bypass (CVE-2023-6374)
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote.....
7.5CVSS
7.8AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.0004EPSS
Cisco Expressway Series XSRF (cisco-sa-expressway-csrf-KnnZDMj3)
According to its self-reported version, Cisco Expressway Series is affected by multiple vulnerabilities. A vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery...
9.6CVSS
8.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1136)
The remote host is missing an update for the Huawei...
3.7CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Spyware isn’t going anywhere, and neither are its tactics
Private and public efforts to curb the use of spyware and activity of other "mercenary" groups have heated up over the past week, with the U.S. government taking additional action against spyware users and some of the world's largest tech companies calling out international governments to do more.....
8.8CVSS
6.8AI Score
0.961EPSS
eza Potential Heap Overflow Vulnerability for AArch64
Summary In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
7.5AI Score
0.0004EPSS
eza Potential Heap Overflow Vulnerability for AArch64
Summary In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
7.5AI Score
0.0004EPSS
A Kickoff Discussion on Core Aspects of Avro & Protobuf When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...
6.9AI Score
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score:.....
10CVSS
9.6AI Score
0.001EPSS
EulerOS 2.0 SP5 : curl (EulerOS-SA-2024-1136)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met....
3.7CVSS
8AI Score
0.001EPSS
Apple Security Update: watchOS 10.3.1
Apple recommends to install security update watchOS 10.3.1 on devices Apple Watch Series 4 and...
7AI Score
Dell Client BIOS DoS (DSA-2023-176)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a denial of service vulnerability. Due to a signed to unsigned conversion error, a local attacker with administrator privileges can cause a denial of service condition on an affected device. Note that...
6.7CVSS
4.8AI Score
0.0004EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
9.6CVSS
9.2AI Score
0.001EPSS
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
8.2CVSS
7.6AI Score
0.001EPSS
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
7.1CVSS
8.3AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
8.8CVSS
9.7AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
9.6CVSS
9.2AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
8.8CVSS
9.7AI Score
0.001EPSS
Cross site request forgery (csrf)
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
8.8CVSS
7.6AI Score
0.001EPSS
Cross site request forgery (csrf)
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
8.8CVSS
7.6AI Score
0.001EPSS
Cross site request forgery (csrf)
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
7.1CVSS
7.5AI Score
0.001EPSS
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for...
8.2CVSS
8.5AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
9.6CVSS
9.7AI Score
0.001EPSS
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series"...
9.6CVSS
9.7AI Score
0.001EPSS
Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device. Note: Cisco Expressway Series refers to Cisco Expressway.....
7.6AI Score
0.001EPSS
Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security
Rapid cloud and SaaS adoption is driving digital transformation that's reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection...
9.8CVSS
7.1AI Score
0.09EPSS
Juniper Junos OS Remote Code Execution
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...
7.8AI Score
Directory Traversal: Examples, Testing, and Prevention
Unveiling the Enigma of Path Navigation: An Exhaustive Exploration and Insight Path Navigation, often referred to as Folder Navigation, symbolizes a kind of security extraction point allowing unauthorized individuals to gain unauthorized access to specific files held within a server's database...
7.8AI Score
Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF750C Series firmware v03.07 and earlier sold in Japan....
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware....
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware....
9.8CVSS
9.7AI Score
0.001EPSS
Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF750C Series firmware v03.07 and earlier sold in Japan....
9.8CVSS
9.8AI Score
0.001EPSS
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
10AI Score
0.001EPSS
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and....
9.8CVSS
9.8AI Score
0.001EPSS
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
10AI Score
0.001EPSS
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...
9.8CVSS
9.8AI Score
0.001EPSS
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and....
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...
9.8CVSS
9.8AI Score
0.001EPSS
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware...
9.8CVSS
9.9AI Score
0.001EPSS
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
10AI Score
0.001EPSS
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
8.7AI Score
0.001EPSS
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C....
9.8CVSS
8.6AI Score
0.001EPSS
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and....
9.8CVSS
8.4AI Score
0.001EPSS
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware....
9.8CVSS
8.4AI Score
0.001EPSS