Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and....
CVSS 9.8 | AI Score 8.4 | EPSS 0.001
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware....
CVSS 9.8 | AI Score 8.4 | EPSS 0.001
Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera MF750C Series firmware v03.07 and earlier sold in Japan....
CVSS 9.8 | AI Score 8.2 | EPSS 0.001
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...
CVSS 9.8 | AI Score 8.4 | EPSS 0.001
Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera MF750C Series firmware v03.07 and earlier sold in Japan....
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware....
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware....
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and....
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C....
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C....
CVSS 9.8 | AI Score 10 | EPSS 0.001
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers, which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware...
CVSS 9.8 | AI Score 10 | EPSS 0.001
CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors
Organizations using Qualys CyberSecurity Asset Management (CSAM) can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you can identify existing coverage gaps and add business context to your unified inventory, helping you...
AI Score 6.8
SonicWall SonicOS Multiple Vulnerabilities (SNWLID-2023-0012)
According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities in the SonicOS Management Web Interface and SSLVPN Portal; the SonicWall SSLVPN SMA100 and SMA1000 series products are not affected. These vulnerabilities...
CVSS 8.8 | AI Score 7.4 | EPSS 0.001
GLSA-202402-08: OpenSSL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-08 (OpenSSL: Multiple Vulnerabilities). OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application...
CVSS 7.5 | AI Score 8.3 | EPSS 0.004
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to...
CVSS 9.8 | AI Score 8.9 | EPSS 0.002
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to...
CVSS 9.8 | AI Score 9.1 | EPSS 0.002
Miro Desktop 0.8.18 on macOS allows code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to...
CVSS 9.8 | AI Score 9.2 | EPSS 0.002
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to...
AI Score 9.3 | EPSS 0.002
Security Advisory YSA-2024-02 - Yubico
To address a low severity privacy issue, Yubico has released updated firmware for YubiKey 5 Series, Security Key Series, and YubiKey Bio Series. The YubiKey CSPN Series and YubiKey 5 FIPS series are also affected. The YubiKey 5 FIPS series will receive this privacy update in the next release of...
AI Score 6.8
Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
Docker API endpoints exposed to the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today......
AI Score 7.5
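The Commando Cat entry above hinges on one misconfiguration: a Docker daemon whose API listens on TCP without TLS client authentication, which hands root-equivalent control of the host to anyone who can reach the port. The following is an added example, not code from the article or from Cado, that audits a daemon.json for that condition. The sample configurations are constructed for illustration; the keys used (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are the documented Docker daemon.json options.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the weak setting behind the "exposed Docker API" pattern.
# A tcp:// listener with no TLS options means an unauthenticated, plaintext API.
EXPOSED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample: the corrected form. The listener is bound to one
# management address, uses the conventional TLS port, and requires client
# certificates signed by the daemon's CA (tlsverify).
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_docker_hosts(daemon_json: str) -> list[str]:
    """Return one finding per risky tcp:// listener in a daemon.json document.

    Only tcp:// hosts are examined; unix:// and fd:// sockets are local and
    governed by file permissions, not by the TLS settings.
    """
    cfg = json.loads(daemon_json)
    findings: list[str] = []
    tls_enabled = bool(cfg.get("tls") or cfg.get("tlsverify"))
    client_auth = bool(cfg.get("tlsverify"))

    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue
        bind = parts.hostname or ""  # "tcp://:2375" binds all interfaces
        if not tls_enabled:
            findings.append(
                f"{host}: plaintext API listener with no authentication; "
                "any client that can reach it can start privileged containers"
            )
        elif not client_auth:
            findings.append(
                f"{host}: TLS enabled but tlsverify is off, so clients are "
                "encrypted yet still unauthenticated"
            )
        if bind in ("", "0.0.0.0", "::"):
            findings.append(f"{host}: bound to all interfaces")
    return findings


if __name__ == "__main__":
    for name, doc in (("exposed", EXPOSED_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_docker_hosts(doc) or ["no findings"])
```

Run this against /etc/docker/daemon.json on each host; a listener that is reachable from the internet and reported as plaintext is exactly the surface the campaign targets. Note that "tls": true alone only encrypts the channel; without "tlsverify" the daemon still accepts any client.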
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Version 19, we want to....
CVSS 9.8 | AI Score 7.7 | EPSS 0.001
Exploit for Cross-Site Request Forgery (CSRF) in Moxa Iologik E1210 Firmware
This repository contains a Python script and a nuclei template...
CVSS 8.8 | AI Score 7 | EPSS 0.001
Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)
Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system (via memory card or EM file memory) and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...
CVSS 8.6 | AI Score 7.7 | EPSS 0.001
Cisco Nexus 9000 Information Disclosure (CVE-2023-20185)
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers....
CVSS 7.4 | AI Score 7 | EPSS 0.001
Advancing Cybersecurity Management With Qualys Cloud Agent
In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods (RAP) and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: Agent...
AI Score 7.1
Mitsubishi Electric CNC Series (Update E)
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: CNC Series devices. Vulnerability: Classic Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a malicious remote attacker to...
CVSS 9.8 | AI Score 9.8 | EPSS 0.004
Mitsubishi Electric MELSEC WS Series Ethernet Interface Module
1. EXECUTIVE SUMMARY: CVSS v3 5.9. ATTENTION: Exploitable remotely. Vendor: Mitsubishi Electric. Equipment: MELSEC WS Series. Vulnerability: Authentication Bypass by Capture-replay. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthorized attacker to login...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 (all serial numbers) allows a remote unauthenticated attacker to bypass authentication by a capture-replay attack and log in to the affected module without authorization. As a result, the remote.....
CVSS 7.5 | AI Score 6.7 | EPSS 0.001
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 (all serial numbers) allows a remote unauthenticated attacker to bypass authentication by a capture-replay attack and log in to the affected module without authorization. As a result, the remote.....
CVSS 7.5 | AI Score 7.7 | EPSS 0.001
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 (all serial numbers) allows a remote unauthenticated attacker to bypass authentication by a capture-replay attack and log in to the affected module without authorization. As a result, the remote.....
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 (all serial numbers) allows a remote unauthenticated attacker to bypass authentication by a capture-replay attack and log in to the affected module without authorization. As a result, the remote.....
CVSS 5.9 | AI Score 7.9 | EPSS 0.001
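The MELSEC WS entries above describe a capture-replay bypass: whatever the legitimate client sends to log in is valid again when an attacker resends it. The following is an added example, not Mitsubishi's protocol and not code from any of the advisories, that shows the weakness in generic form and the standard fix. The password and the two toy "devices" are constructed for illustration; the point is that a login message not bound to a fresh, single-use server nonce is replayable, while an HMAC over such a nonce is not.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; in a real deployment this is the device password.
PASSWORD = b"constructed-device-password"


class StaticCredentialDevice:
    """Weak scheme: the login message is a fixed function of the password,
    so it is byte-for-byte identical on every session. Anyone who captures
    it once can log in forever."""

    def __init__(self, password: bytes) -> None:
        self._expected = hashlib.sha256(password).digest()

    def login(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._expected)


def static_login_message(password: bytes) -> bytes:
    # What the legitimate client puts on the wire (and what an attacker sniffs).
    return hashlib.sha256(password).digest()


class ChallengeResponseDevice:
    """Hardened scheme: the device issues a random nonce per login attempt and
    expects HMAC(password, nonce). Each nonce is accepted at most once, so a
    captured (nonce, response) pair cannot be replayed, and a response for an
    old nonce is useless against a new challenge."""

    def __init__(self, password: bytes) -> None:
        self._key = password
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False               # unknown, expired, or already consumed
        self._outstanding.discard(nonce)  # single use, whether or not it verifies
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def challenge_response(password: bytes, nonce: bytes) -> bytes:
    return hmac.new(password, nonce, hashlib.sha256).digest()


def replay_against_static() -> tuple[bool, bool]:
    """Returns (legitimate login ok, replayed login ok)."""
    device = StaticCredentialDevice(PASSWORD)
    captured = static_login_message(PASSWORD)   # attacker records this exchange
    legit = device.login(captured)
    replayed = device.login(captured)           # attacker resends the same bytes
    return legit, replayed                      # (True, True): bypass succeeds


def replay_against_challenge_response() -> tuple[bool, bool, bool]:
    """Returns (legitimate login ok, same pair replayed ok, old response to new nonce ok)."""
    device = ChallengeResponseDevice(PASSWORD)
    nonce = device.challenge()
    captured = (nonce, challenge_response(PASSWORD, nonce))  # attacker records this
    legit = device.login(*captured)
    replayed = device.login(*captured)           # nonce already consumed
    fresh = device.challenge()
    cross = device.login(fresh, captured[1])     # response does not match new nonce
    return legit, replayed, cross                # (True, False, False)


if __name__ == "__main__":
    print("static credential:", replay_against_static())
    print("challenge-response:", replay_against_challenge_response())
```

When assessing a device protocol for this class of bug, the question to ask is the one the second class answers: does any value chosen by the server change between sessions, and is the client's proof bound to it? If the login bytes are the same in two captures, the scheme is replayable regardless of how the password is hashed.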
OSINT in 60 seconds. Mind reading on TV
TL;DR: We were asked to help with a Channel 5 consumer education series about online banking scams. The presenter, Alexis Conran, was to ‘read’ the minds of members of the public walking past a coffee shop. A release form was signed by the targets, with their name, email, and phone number, then...
AI Score 6.9
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and...
CVSS 9.8 | AI Score 8 | EPSS 0.009
Juniper Junos OS Vulnerability (JSA75723)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75723 advisory. An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated...
CVSS 5.9 | AI Score 7.4 | EPSS 0.0005
Cisco IOS XR Software Image Verification (cisco-sa-lnt-L9zOkBz5)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a ...
CVSS 7 | AI Score 7.6 | EPSS 0.0004
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVSS 5.4 | AI Score 6.2 | EPSS 0.0004
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVSS 5.4 | AI Score 6.9 | EPSS 0.0004
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
AI Score 6.5 | EPSS 0.0004
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS 7.2 | AI Score 7 | EPSS 0.001
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS 7.2 | AI Score 6.3 | EPSS 0.001
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS 7.2 | AI Score 7.4 | EPSS 0.001
Who is Alleged Medibank Hacker Aleksandr Ermakov?
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the...
AI Score 6.8
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS 5.8 | AI Score 7.2 | EPSS 0.001
A Beginner's Guide to Understanding Protobuf & JSON
When you dive into the sphere of data serialization, you're likely to encounter two dominant players: Protobuf, the colloquial term for Protocol Buffers, and JSON, standing for JavaScript Object Notation. Both of these formats carry distinctive...
AI Score 6.8
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing...
AI Score 7.3
Cisco Small Business Series Switches Stacked Reload ACL Bypass (cisco-sa-sb-bus-acl-bypass-5zn9hNJk)
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVSS 7.2 | AI Score 7.1 | EPSS 0.001
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's....
CVSS 8.8 | AI Score 7.1 | EPSS 0.0005
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...
CVSS 7.5 | AI Score 6.1 | EPSS 0.001