Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-priv-esc-seAx6NLX)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to...
6.5CVSS
7.1AI Score
0.0004EPSS
Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6732-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6732-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS...
8.8CVSS
7.5AI Score
0.001EPSS
Cisco Access Point Software Secure Boot Bypass (cisco-sa-ap-secureboot-bypass-zT5vJkSD)
According to its self-reported version, Cisco Access Point Software Secure Boot Bypass is affected by a vulnerability. A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and...
5.9CVSS
7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1270-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1270-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue...
8.8CVSS
7.5AI Score
0.001EPSS
SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:1269-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1269-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and...
8.8CVSS
8.1AI Score
0.001EPSS
Cisco IOS XE Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to...
8.6CVSS
7AI Score
0.0004EPSS
Cisco IOS Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload....
8.6CVSS
7AI Score
0.0004EPSS
Cisco IOS XE Software DHCP Snooping with Endpoint Analytics DoS (cisco-sa-dhcp-dos-T3CXPO9z)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of...
8.6CVSS
7.3AI Score
0.0004EPSS
Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...
5.6CVSS
5.6AI Score
0.0004EPSS
Cisco IOS XE Software OSPFv2 DoS (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in...
7.4CVSS
7.2AI Score
0.0004EPSS
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service...
7.4CVSS
7.1AI Score
0.0004EPSS
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance....
7.4AI Score
Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956) A logic issue was addressed with improved validation. This issue is fixed....
6.5CVSS
6.2AI Score
0.001EPSS
App Builder < 3.8.8 - Open Redirection
Description The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.8.7. This is due to insufficient validation on the redirect url supplied via the 'url' parameter. This makes it possible for...
4.7CVSS
6.5AI Score
0.001EPSS
How to protect yourself from online harassment
It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game. But these moments of personal crisis have few, immediate solutions, as the current proposals to curb and stem online harassment zero in on the.....
7.6AI Score
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec,...
8.3CVSS
9.2AI Score
0.005EPSS
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec,...
8.3CVSS
7.6AI Score
0.005EPSS
A week in security (April 1 – April 7)
A list of topics we covered in the week of April 1 to April 7 of 2024 Last week on Malwarebytes Labs: 60% of small businesses are concerned about cybersecurity threats Cookie consent choices are just being ignored by some websites Bing ad for NordVPN leads to SecTopRAT Jackson County hit by...
7AI Score
7.3AI Score
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.3AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.5AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.2AI Score
0.001EPSS
Cisco Access Points Managed from Catalyst DoS (cisco-sa-ap-dos-h9TGGX6W)
According to its self-reported version, Cisco access points managed by this Cisco Catalyst 9800 Series Wireless Controller are affected by a denial of service vulnerability. Due to insufficient input validation of certain IPv4 packets, an unauthenticated, remote attacker can causing attached...
8.6CVSS
6.9AI Score
0.0004EPSS
Google patches critical vulnerability for Androids with Qualcomm chips
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings...
9.8CVSS
8.6AI Score
0.001EPSS
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists...
6.1CVSS
5.9AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS <...
6.2AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS <...
6AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS <...
6.5AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.1AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.5AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
5.9AI Score
0.0004EPSS
Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists...
6.1AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS <...
6.2AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS <...
6.1AI Score
0.0004EPSS
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur |.....
6.1AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
Cisco IOS Software for Catalyst 6000 Series Switches DoS (cisco-sa-ios-dos-Hq4d3tZG)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due...
7.4CVSS
7.1AI Score
0.0004EPSS
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. Notes Author| Note ---|--- tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur | starting with.....
6.2AI Score
0.0004EPSS
Trusted Advisor now available for Mac, iOS, and Android
First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven.....
6.9AI Score
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
6.6CVSS
6.4AI Score
0.0004EPSS
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
6.6CVSS
6.8AI Score
0.0004EPSS
A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...
6.6CVSS
6.6AI Score
0.0004EPSS
Security Vulnerabilities fixed in Firefox for iOS 124 — Mozilla
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security...
7AI Score
0.0004EPSS
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling...
5.7CVSS
5.4AI Score
0.0004EPSS
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling...
5.7CVSS
6.4AI Score
0.0004EPSS
CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling...
5.7CVSS
5.7AI Score
0.0004EPSS
'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's...
5.9AI Score
0.0004EPSS