KB5037768: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (May 2024)
The remote Windows host is missing security update 5037768. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
KB5037781: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (May 2024)
The remote Windows host is missing security update 5037781. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, ...
8.8CVSS
7.8AI Score
0.008EPSS
Intel Thunderbolt Driver May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...
7CVSS
7.4AI Score
0.0004EPSS
Why car location tracking needs an overhaul
Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware......
6.8AI Score
Apple iOS < 17.5 Multiple Vulnerabilities (HT214101)
The version of Apple iOS running on the mobile device is prior to 17.5. It is, therefore, affected by multiple...
6.6AI Score
Apple iOS < 16.7.8 Multiple Vulnerabilities (HT214100)
The version of Apple iOS running on the mobile device is prior to 16.7.8. It is, therefore, affected by multiple...
6.6AI Score
RHEL 6 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
7.5AI Score
0.009EPSS
RHEL 7 : libmtp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libmtp: Integer overflow in ptp_unpack_OPL function (CVE-2017-9832) An integer overflow vulnerability in...
7.5AI Score
0.009EPSS
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.7AI Score
0.38EPSS
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
EPSS
CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting
A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It is possible to initiate the attack...
3.5CVSS
4.1AI Score
0.0004EPSS
CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting
A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument company_name/mobile leads to cross site scripting. It is possible to initiate the attack...
3.5CVSS
6.2AI Score
0.0004EPSS
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning...
6.5CVSS
6.6AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
9CVSS
6.7AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked,...
8.3CVSS
8.5AI Score
0.0004EPSS
CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked,...
8.3CVSS
7AI Score
0.0004EPSS
DocGo patient health data stolen in cyberattack
Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...
7.7AI Score
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....
7.7AI Score
7.8CVSS
8AI Score
0.0004EPSS
Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset...
4.9CVSS
6.5AI Score
0.0004EPSS
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for...
5.5CVSS
6.7AI Score
0.0004EPSS
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy...
5.1CVSS
6.8AI Score
0.0004EPSS
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of...
6.2CVSS
6.5AI Score
0.0004EPSS
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...
5.5CVSS
6.5AI Score
0.0004EPSS
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
6.6CVSS
6.7AI Score
0.0004EPSS
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...
6.7CVSS
7.3AI Score
0.0004EPSS
Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...
6CVSS
7.2AI Score
0.0004EPSS
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation...
5.7CVSS
6.5AI Score
0.0004EPSS
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper...
4CVSS
6.5AI Score
0.0004EPSS
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific...
4.3CVSS
6.6AI Score
0.0004EPSS
Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...
4CVSS
6.2AI Score
0.0004EPSS
Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory...
6CVSS
6.8AI Score
0.0004EPSS
Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...
4CVSS
6.2AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
6.8AI Score
0.0004EPSS
Pixel Watch Security Bulletin—May 2024
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-05-05 or later address all applicable issues in the May 2024 Android Security Bulletin and all issues in this bulletin....
7.8AI Score
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...
8.4CVSS
7.1AI Score
0.001EPSS
7.5CVSS
6.8AI Score
0.0004EPSS
8.4CVSS
7.1AI Score
0.001EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.1AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS