CVE-2024-1220 NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of...
8.2CVSS
8.4AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.003EPSS
Cisco NX-OS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)
According to its self-reported version, Cisco NX-OS System Software is affected by a denial of service (DoS) vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software and could allow an unauthenticated, adjacent attacker to cause a denial of.....
6.6CVSS
6.6AI Score
0.0004EPSS
Dell Client BIOS DoS (DSA-2023-467)
The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by an improper NULL termination vulnerability that can result in a denial of service (DoS) condition. A high-privilege user with network access to the affected device can send malicious data to the device in....
6.8CVSS
6.6AI Score
0.0004EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2024-022)
The version of firefox installed on the remote host is prior to 115.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-022 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
9.6AI Score
0.0004EPSS
ruby-image-processing vulnerability
It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary...
9.8CVSS
7.5AI Score
0.003EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Nice Equipment: Linear eMerge E3-Series Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with Dangerous...
10CVSS
10AI Score
0.974EPSS
No “Apple magic” as 11% of macOS detections last year came from malware
We’re going to let you in on a little cybersecurity secret… There’s malware on Mac computers. There pretty much always has been. As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants of....
6.5AI Score
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...
6.2CVSS
6.2AI Score
0.0004EPSS
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...
6.2CVSS
6.2AI Score
0.0004EPSS
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...
6.2CVSS
6.2AI Score
0.0004EPSS
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...
6.2CVSS
6.4AI Score
0.0004EPSS
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll."....
7.1AI Score
Ubuntu 20.04 LTS / 22.04 LTS : ImageProcessing vulnerability (USN-6675-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6675-1 advisory. image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the #apply method from...
9.8CVSS
7.1AI Score
0.003EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6672-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6672-1 advisory. A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear...
7.5CVSS
7.2AI Score
0.001EPSS
Amazon Linux 2 : thunderbird (ALAS-2024-2477)
The version of thunderbird installed on the remote host is prior to 115.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2477 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
9.6AI Score
0.0004EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages ruby-image-processing - High-level image processing wrapper for libvips and ImageMagick/GraphicsMagick Details It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user...
9.8CVSS
7.8AI Score
0.003EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and...
3.1CVSS
4AI Score
0.0004EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and...
3.1CVSS
4.2AI Score
0.0004EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and...
3.1CVSS
7.2AI Score
0.0004EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and...
3.1CVSS
4.3AI Score
0.0004EPSS
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and...
3.1CVSS
6.9AI Score
0.0004EPSS
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request...
9.8CVSS
10AI Score
0.059EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash....
8.8CVSS
8.3AI Score
0.001EPSS
Debian dla-3747 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
8AI Score
0.0004EPSS
Debian dla-3748 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3748 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
9.7AI Score
0.0004EPSS
openSUSE: Security Advisory for golang (SUSE-SU-2023:2598-1)
The remote host is missing an update for...
8.8CVSS
8.3AI Score
0.024EPSS
openSUSE: Security Advisory for SUSE Manager Client Tools (SUSE-SU-2023:3868-1)
The remote host is missing an update for...
8.8CVSS
7.3AI Score
0.024EPSS
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages,...
7.5AI Score
Cisco Nexus 3600 External BGP DoS (cisco-sa-nxos-po-acl-TkyePgvL)
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
8.6CVSS
7.3AI Score
0.0005EPSS
Cisco NX-OS Software MPLS Encapsulated IPv6 DoS (cisco-sa-ipv6-mpls-dos-R9ycXkwM)
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of...
8.6CVSS
7.3AI Score
0.0005EPSS
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications......
7.1AI Score
Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. (CVE-2024-1546) Through a series of A...
7.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied. All slab objects are charged with...
6.6AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.2AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.3AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
8.1AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
7.8AI Score
0.0004EPSS
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and...
8.3AI Score
0.0004EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3CVSS
5.5AI Score
0.0004EPSS
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
6.6CVSS
6.5AI Score
0.0004EPSS
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
8.6CVSS
8.3AI Score
0.0005EPSS
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
6.6CVSS
6.5AI Score
0.0004EPSS
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...
8.6CVSS
8.4AI Score
0.0005EPSS
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This...
5.3CVSS
5.5AI Score
0.0004EPSS
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8CVSS
5.7AI Score
0.0004EPSS
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is....
5.8CVSS
5.7AI Score
0.0004EPSS
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of...
8.6CVSS
8.5AI Score
0.0005EPSS
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of...
8.6CVSS
8.3AI Score
0.0005EPSS
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
6.6CVSS
7.2AI Score
0.0004EPSS