Lucene search

K

Ryzen™ 7020 Series Mobile Processors “Mendocino” Security Vulnerabilities

malwarebytes
malwarebytes

Malwarebytes Premium stops 100% of malware during AV Lab test

Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

7AI Score

2024-06-26 10:55 AM
1
ibm
ibm

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details ** CVEID: CVE-2023-49569 DESCRIPTION: **go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...

9.8CVSS

10AI Score

EPSS

2024-06-26 09:20 AM
6
thn
thn

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through...

6.9AI Score

2024-06-26 07:38 AM
3
thn
thn

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by...

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-26 04:24 AM
34
ibm
ibm

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

8.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
1
cve
cve

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-25 08:15 PM
6
nvd
nvd

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

0.0004EPSS

2024-06-25 08:15 PM
2
cvelist
cvelist

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

0.0004EPSS

2024-06-25 08:05 PM
nvd
nvd

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

0.0004EPSS

2024-06-25 04:15 PM
3
cve
cve

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

7.2AI Score

0.0004EPSS

2024-06-25 04:15 PM
4
nvd
nvd

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

0.0004EPSS

2024-06-25 04:15 PM
2
cve
cve

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

9.1AI Score

0.0004EPSS

2024-06-25 04:15 PM
5
nvd
nvd

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

0.0004EPSS

2024-06-25 04:15 PM
1
cve
cve

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

7.5AI Score

0.0004EPSS

2024-06-25 04:15 PM
3
cvelist
cvelist

CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

0.0004EPSS

2024-06-25 04:11 PM
1
cvelist
cvelist

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

0.0004EPSS

2024-06-25 04:01 PM
vulnrichment
vulnrichment

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

8.8AI Score

0.0004EPSS

2024-06-25 04:01 PM
cvelist
cvelist

CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

0.0004EPSS

2024-06-25 03:53 PM
3
nvd
nvd

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2CVSS

0.001EPSS

2024-06-25 02:15 PM
cve
cve

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-25 02:15 PM
3
vulnrichment
vulnrichment

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2CVSS

7.5AI Score

0.001EPSS

2024-06-25 02:01 PM
cvelist
cvelist

CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....

7.2CVSS

0.001EPSS

2024-06-25 02:01 PM
1
nvd
nvd

CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

6.3CVSS

0.0004EPSS

2024-06-25 10:15 AM
1
cve
cve

CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-06-25 10:15 AM
5
cve
cve

CVE-2024-4640

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-25 10:15 AM
6
nvd
nvd

CVE-2024-4640

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

7.1CVSS

0.0004EPSS

2024-06-25 10:15 AM
1
cve
cve

CVE-2024-4639

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-06-25 10:15 AM
6
nvd
nvd

CVE-2024-4639

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

0.0004EPSS

2024-06-25 10:15 AM
1
cvelist
cvelist

CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of...

6.3CVSS

0.0004EPSS

2024-06-25 09:23 AM
1
cvelist
cvelist

CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

7.1CVSS

0.0004EPSS

2024-06-25 09:19 AM
1
vulnrichment
vulnrichment

CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-25 09:19 AM
nvd
nvd

CVE-2024-4638

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

0.0004EPSS

2024-06-25 09:15 AM
3
cve
cve

CVE-2024-4638

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-25 09:15 AM
4
vulnrichment
vulnrichment

CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

7.4AI Score

0.0004EPSS

2024-06-25 09:15 AM
cvelist
cvelist

CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

0.0004EPSS

2024-06-25 09:15 AM
4
cvelist
cvelist

CVE-2024-4638 OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized...

7.1CVSS

0.0004EPSS

2024-06-25 08:49 AM
thn
thn

4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree

Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien...

7AI Score

2024-06-25 03:52 AM
10
cve
cve

CVE-2023-5038

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

6.9AI Score

0.0004EPSS

2024-06-25 03:15 AM
4
arista
arista

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

7AI Score

EPSS

2024-06-25 12:00 AM
spring
spring

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in...

7.1AI Score

2024-06-25 12:00 AM
1
talos
talos

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....

7.2CVSS

7.8AI Score

0.001EPSS

2024-06-25 12:00 AM
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
8
nvd
nvd

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the...

0.0004EPSS

2024-06-24 03:15 PM
1
cve
cve

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the...

6.4AI Score

0.0004EPSS

2024-06-24 03:15 PM
7
cvelist
cvelist

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the...

0.0004EPSS

2024-06-24 03:03 PM
2
vulnrichment
vulnrichment

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the...

6.7AI Score

0.0004EPSS

2024-06-24 03:03 PM
malwarebytes
malwarebytes

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....

7.6AI Score

2024-06-24 07:07 AM
4
packetstorm

7.4AI Score

2024-06-24 12:00 AM
52
packetstorm

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
48
hp
hp

AMD Client UEFI – Cross-Process Information Leak

AMD has informed HP of a potential security vulnerability identified in some AMD client processors, which might allow information disclosure. AMD released firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified...

5.5CVSS

7AI Score

0.001EPSS

2024-06-24 12:00 AM
Total number of security vulnerabilities74294