Lucene search

K

Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Security Vulnerabilities

thn
thn

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by...

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-26 04:24 AM
5
ibm
ibm

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

8.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
cve
cve

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

7.9AI Score

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

EPSS

2024-06-25 08:15 PM
1
cvelist
cvelist

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

7.5CVSS

EPSS

2024-06-25 08:05 PM
rapid7blog
rapid7blog

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks

In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in...

7.4AI Score

2024-06-25 05:52 PM
ics
ics

PTC Creo Elements/Direct License Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...

8.1AI Score

EPSS

2024-06-25 12:00 PM
ics
ics

ABB Ability System 800xA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: ABB Equipment: 800xA Base Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1...

5.7CVSS

7.3AI Score

0.0004EPSS

2024-06-25 12:00 PM
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

7.4AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
nessus
nessus

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-25 12:00 AM
3
talos
talos

Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability

Talos Vulnerability Report TALOS-2024-1947 Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability June 25, 2024 CVE Number CVE-2024-21827 SUMMARY A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN....

7.2CVSS

7.8AI Score

EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1814)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nessus
nessus

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This...

7.4AI Score

0.0004EPSS

2024-06-25 12:00 AM
openvas
openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1835)

The remote host is missing an update for the Huawei...

7.5AI Score

0.0004EPSS

2024-06-25 12:00 AM
nvd
nvd

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

0.0004EPSS

2024-06-24 10:15 PM
6
cve
cve

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

8.1AI Score

0.0004EPSS

2024-06-24 10:15 PM
11
nvd
nvd

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...

0.0004EPSS

2024-06-24 09:15 PM
2
cve
cve

CVE-2024-38896

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of...

7.5AI Score

0.0004EPSS

2024-06-24 09:15 PM
7
nvd
nvd

CVE-2024-38892

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh...

0.0004EPSS

2024-06-24 09:15 PM
2
cve
cve

CVE-2024-38892

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh...

6.5AI Score

0.0004EPSS

2024-06-24 09:15 PM
7
cve
cve

CVE-2024-38895

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router...

6.7AI Score

0.0004EPSS

2024-06-24 09:15 PM
7
cve
cve

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...

7.7AI Score

0.0004EPSS

2024-06-24 09:15 PM
5
cve
cve

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

7.9AI Score

0.0004EPSS

2024-06-24 09:15 PM
5
nvd
nvd

CVE-2024-38895

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router...

0.0004EPSS

2024-06-24 09:15 PM
1
nvd
nvd

CVE-2024-38897

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router...

0.0004EPSS

2024-06-24 09:15 PM
1
nvd
nvd

CVE-2024-38896

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of...

0.0004EPSS

2024-06-24 09:15 PM
1
nvd
nvd

CVE-2024-38902

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as...

0.0004EPSS

2024-06-24 09:15 PM
1
nvd
nvd

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

0.0004EPSS

2024-06-24 09:15 PM
1
cve
cve

CVE-2024-38897

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router...

6.9AI Score

0.0004EPSS

2024-06-24 09:15 PM
5
cve
cve

CVE-2024-38902

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as...

7.7AI Score

0.0004EPSS

2024-06-24 09:15 PM
5
citrix
citrix

Cloud Software Group Security Advisory for CVE-2024-3661

Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...

7.6CVSS

6.7AI Score

0.0005EPSS

2024-06-24 08:37 PM
8
nvd
nvd

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

0.0004EPSS

2024-06-24 07:15 PM
2
cve
cve

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

6.4AI Score

0.0004EPSS

2024-06-24 07:15 PM
7
malwarebytes
malwarebytes

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....

7.6AI Score

2024-06-24 07:07 AM
4
osv
osv

Malicious code in @elza/auto-route-plugin (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c0394416e392791c5f23be36b82f8800fa29bfd1381f8be67c7362338279c0d2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-24 01:57 AM
cvelist
cvelist

CVE-2024-38895

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38892

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

0.0004EPSS

2024-06-24 12:00 AM
1
vulnrichment
vulnrichment

CVE-2024-38892

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh...

6.4AI Score

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

0.0004EPSS

2024-06-24 12:00 AM
packetstorm

7.4AI Score

2024-06-24 12:00 AM
46
cvelist
cvelist

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

0.0004EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary...

7.9AI Score

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38897

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38902

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as...

0.0004EPSS

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-38896

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of...

0.0004EPSS

2024-06-24 12:00 AM
hp
hp

AMD Client UEFI – Cross-Process Information Leak

AMD has informed HP of a potential security vulnerability identified in some AMD client processors, which might allow information disclosure. AMD released firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified...

5.5CVSS

7AI Score

0.001EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2024-38902

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as...

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
Total number of security vulnerabilities92576