Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability....
6.7AI Score
0.001EPSS
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user tries to perform certain operations. Successful exploit could allow an attacker to pass the...
6.7AI Score
0.001EPSS
Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful...
6.2AI Score
0.001EPSS
Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability...
6.5AI Score
0.001EPSS
Description of the security update for Outlook 2013: February 11, 2020
Summary This security update resolves a security feature bypass vulnerability that exists in Microsoft Outlook software if it incorrectly handles the parsing of URI formats. To learn more about the vulnerability, see Microsoft...
6.7AI Score
0.001EPSS
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, over two thousand WordPress sites were compromised using a malicious script that redirects visitors to scam websites. Also, read about how...
-0.1AI Score
Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
Facebook has agreed to pay $550 million to Illinois users to settle a class action lawsuit filed over the use of its face-tagging technology to collect facial-recognition data on its social media platform. The company unveiled the settlement on a quarterly financial call Wednesday, in which it...
0.5AI Score
Threat Source newsletter (Jan. 30, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for now, but please...
-0.4AI Score
0.975EPSS
Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards
Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while using VMware...
1.9AI Score
0.002EPSS
7.8CVSS
Security Advisory - Insufficient Authentication Vulnerability in Some Huawei products
There is an insufficient authentication vulnerability in some Huawei products. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may allow the attacker to obtain high privilege. (Vulnerability ID: HWPSIRT-2019-10077)...
6.8CVSS
6.4AI Score
0.001EPSS
Security Advisory - Insufficient Verification Vulnerability in Some Huawei products
There is an insufficient verification vulnerability in some Huawei products. An attacker with physical access can perform specific operations to exploit this vulnerability. Successful exploitation may allow the attacker to perform an illegal operation. (Vulnerability ID: HWPSIRT-2019-10094)...
6.8CVSS
6.2AI Score
0.001EPSS
Security Advisory - Insufficient Verification Vulnerability in Some Huawei Products
There is an insufficient verification vulnerability in some Huawei products. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormality. (Vulnerability ID: HWPSIRT-2019-10092) This vulnerability has...
6.1CVSS
6AI Score
0.001EPSS
Security Advisory - Insufficient Authentication Vulnerability in OSCA Products
There is an insufficient authentication vulnerability in OSCA products. The software does not require a strong credential when the user tries to perform certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential....
6.8CVSS
6.4AI Score
0.001EPSS
AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
8.6CVSS
0.6AI Score
0.001EPSS
AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
Summary An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially...
9CVSS
0.5AI Score
0.002EPSS
AMD ATI Radeon ATIDXX64.DLL shader functionality constant buffer denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
8.6CVSS
0.2AI Score
0.001EPSS
AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
8.6CVSS
0.2AI Score
0.001EPSS
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
7.5CVSS
7.6AI Score
0.001EPSS
ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)
The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor and configurations as expected. An unauthenticated, remote attacker can exploit this, by using the mod_copy module's functionality, in order to copy arbitrary files in the FTP...
9.8CVSS
0.4AI Score
0.945EPSS
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients...
7.4CVSS
0.6AI Score
0.974EPSS
Threat Source newsletter (Dec. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about what we learned. ...
-0.1AI Score
0.3AI Score
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web...
-0.1AI Score
7.4AI Score
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
Oracle Siebel Sales 8.1 - Persistent Cross-Site...
0.1AI Score
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...
8.6CVSS
8.2AI Score
0.001EPSS
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel shader...
0.3AI Score
0.001EPSS
AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability
Summary An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can...
8.6CVSS
0.1AI Score
0.001EPSS
Showmax: Open Redirect in secure.showmax.com
The hacker submitted an open redirect vulnerability in one of our payment method flows. The vulnerability could also have been used to perform an XSS attack. Write-up:...
1AI Score
0.8AI Score
An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...
10CVSS
9.3AI Score
0.002EPSS
Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages
On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million and $71 million in damages from the incident, which forced it to...
-0.4AI Score
Siemens SINAMICS S210 6SL3210-5HE12-0UF0 Servo Drive Detection
The 6SL3210-5HE12-0UF0 Servo Drive is characterized by: Input voltage: 200-480V 3AC; 3.8 A; 45-66 Hz; Output voltage: 0-input V; 3.0 A; 0-550 Hz; Motor: 1.0 kW; degree of protection...
1.9AI Score
Siemens SINAMICS S210 6SL3210-5HB10-8UF0 Servo Drive Detection
The 6SL3210-5HB10-8UF0 Servo Drive is characterized by: Input voltage: 200-240V 1AC; 9.3 A; 45-66 Hz; Output voltage: 0-input V; 4.4 A; 0-550 Hz; Motor: 0.75 kW; degree of protection...
1.9AI Score
Siemens SINAMICS S210 6SL3210-5HE10-4UF0 Servo Drive Detection
The 6SL3210-5HE10-4UF0 Servo Drive is characterized by: Input voltage: 200-480V 3AC; 1.5 A; 45-66 Hz; Output voltage: 0-input V; 1.2 A; 0-550 Hz; Motor: 0.4 kW; degree of protection...
1.9AI Score
Siemens SINAMICS S210 6SL3210-5HE11-5UF0 Servo Drive Detection
The 6SL3210-5HE11-5UF0 Servo Drive is characterized by: Input voltage: 200-480V 3AC; 3.8 A; 45-66 Hz; Output voltage: 0-input V; 3.0 A; 0-550 Hz; Motor: 1.0 kW; degree of protection...
1.9AI Score
Siemens SINAMICS S210 6SL3210-5HE11-0UF0 Servo Drive Detection
The 6SL3210-5HE11-0UF0 Servo Drive is characterized by: Input voltage: 200-480V 3AC; 3.8 A; 45-66 Hz; Output voltage: 0-input V; 3.0 A; 0-550 Hz; Motor: 1.0 kW; degree of protection...
1.9AI Score
Adobe ColdFusion RDS Authentication Bypass
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to the...
0.8AI Score
Ransomware Hits B2B Payments Firm Billtrust
Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a...
7.2AI Score
indegy.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-995800 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
0.6AI Score
0.1AI Score
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
DameWare Remote Support 12.1.0.34 - Buffer Overflow...
0.4AI Score
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series - Multiple...
0.6AI Score
7.4AI Score