A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN...
CVSS: 8.1 | AI Score: 8.3 | EPSS: 0.0004
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN...
CVSS: 8.1 | AI Score: 8.2 | EPSS: 0.0004
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN...
CVSS: 8.1 | AI Score: 8.1 | EPSS: 0.0004
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1,...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37....
CVSS: 5.7 | AI Score: 5.4 | EPSS: 0.0004
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1,...
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37....
CVSS: 5.7 | AI Score: 5.4 | EPSS: 0.0004
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.0004
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.0004
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1,...
CVSS: 7.2 | AI Score: 8.2 | EPSS: 0.001
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed...
CVSS: 6.5 | AI Score: 7.2 | EPSS: 0.0004
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37....
CVSS: 5.7 | AI Score: 7.1 | EPSS: 0.0004
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN...
CVSS: 8.1 | AI Score: 7.7 | EPSS: 0.0004
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN...
CVSS: 8.1 | AI Score: 8.5 | EPSS: 0.0004
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37....
CVSS: 5.7 | AI Score: 5.7 | EPSS: 0.0004
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1,...
CVSS: 7.2 | AI Score: 7.5 | EPSS: 0.001
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0004
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. Notes Author| Note ---|--- tyhicks | ...
AI Score: 6.1 | EPSS: 0.0004
The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1923: The Biosig Project libbiosig sopen_FAMOS_read use-after-free vulnerability. February 20, 2024. CVE Number: CVE-2024-23310. SUMMARY: A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master...
CVSS: 9.8 | AI Score: 7.5 | EPSS: 0.001
The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1922: The Biosig Project libbiosig sopen_FAMOS_read integer underflow to out-of-bounds write vulnerability. February 20, 2024. CVE Number: CVE-2024-23313. SUMMARY: An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project.....
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.0004
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
AI Score: 10 | EPSS: 0.0004
Security Vulnerabilities fixed in Firefox 123 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...
AI Score: 8.1 | EPSS: 0.0004
Security Vulnerabilities fixed in Thunderbird 115.8 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...
AI Score: 8.1 | EPSS: 0.0004
Security Vulnerabilities fixed in Firefox ESR 115.8 — Mozilla
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...
AI Score: 8.1 | EPSS: 0.0004
The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1921: The Biosig Project libbiosig sopen_FAMOS_read integer overflow to out-of-bounds write vulnerability. February 20, 2024. CVE Number: CVE-2024-21812. SUMMARY: An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project...
CVSS: 9.8 | AI Score: 7.9 | EPSS: 0.001
The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2024-1925: The Biosig Project libbiosig sopen_FAMOS_read NULL calloc out-of-bounds write vulnerability. February 20, 2024. CVE Number: CVE-2024-23606. SUMMARY: An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project...
CVSS: 9.8 | AI Score: 7.7 | EPSS: 0.001
The version of Firefox installed on the remote Windows host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting...
AI Score: 10 | EPSS: 0.0004
Security Advisory 0092. Date: February 20, 2024. Revision 1.0 (February 20, 2024): Initial release. CVSSv3.1 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Common Weakness Enumeration: CWE-1394 Use of default cryptographic key. This vulnerability is...
AI Score: 6.7
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-051-01)
The version of mozilla-firefox installed on the remote host is prior to 115.8.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-051-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
AI Score: 9.7 | EPSS: 0.0004
The version of Thunderbird installed on the remote Windows host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-07 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
AI Score: 7.8 | EPSS: 0.0004
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-07 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been...
AI Score: 7.8 | EPSS: 0.0004
Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities
Talos Vulnerability Report TALOS-2024-1931: Imaging Data Commons libdicom DICOM File Meta Information Parsing Use-After-Free vulnerabilities. February 20, 2024. CVE Number: CVE-2024-24793, CVE-2024-24794. SUMMARY: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in...
CVSS: 8.1 | AI Score: 8.3 | EPSS: 0.001
The version of Firefox ESR installed on the remote Windows host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
AI Score: 10 | EPSS: 0.0004
Security Advisory 0091. Date: February 20, 2024. Revision 1.0 (February 20, 2024): Initial release. The CVE-ID tracking this issue: CVE-2023-6068. CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). Common Weakness Enumeration: CWE-283 Improper...
CVSS: 3.1 | AI Score: 3.7 | EPSS: 0.0004
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-06 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been...
AI Score: 10 | EPSS: 0.0004
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.074
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 A PHP External Variable Modification...
CVSS: 9.8 | AI Score: 7.3 | EPSS: 0.966
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
AI Score: 6.8 | EPSS: 0.0004
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
AI Score: 7 | EPSS: 0.0004
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
AI Score: 7.4 | EPSS: 0.0004
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or...
AI Score: 7 | EPSS: 0.0004
Summary: Vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24998). Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.034
Summary: This security bulletin addresses the vulnerability in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998). Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.034
U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.915
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS: 9.8 | AI Score: 9.9
EPSS
Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable remotely/low attack complexity. Equipment: MELSEC iQ-F/iQ-R Series. Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote...
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...
AI Score: 7.2
How ransomware changed in 2023
In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. The gang's novel approach challenged a bottleneck that makes it....
AI Score: 7.2
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
CVSS: 6.7 | AI Score: 6.7 | EPSS: 0.0004
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local...
CVSS: 6.7 | AI Score: 6.6 | EPSS: 0.0004