Seil%2fx86 Firmware Security Vulnerabilities

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie...

8.1AI Score

0.0004EPSS

2024-06-24 02:15 PM

22

nvd

XZ backdoor: Hook analysis

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie...

0.0004EPSS

2024-06-24 02:15 PM

1

securelist

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

8.6AI Score

2024-06-24 10:00 AM

2

nessus

Amazon Linux 2 : qemu (ALAS-2024-2572)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2572 advisory. A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio- crypto), where the...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-24 12:00 AM

1

nessus

CentOS 9 : kernel-5.14.0-467.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-467.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not...

5.5CVSS

7.4AI Score

EPSS

2024-06-24 12:00 AM

4

vulnrichment

Netis MW5360 Remote Command Execution

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie...

8AI Score

0.0004EPSS

2024-06-24 12:00 AM

4

packetstorm

...

9.8CVSS

7.1AI Score

0.005EPSS

2024-06-24 12:00 AM

101

cvelist

Netis MW5360 Remote Command Execution Exploit

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie...

0.0004EPSS

2024-06-24 12:00 AM

zdt

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...

9.8CVSS

7.8AI Score

0.005EPSS

2024-06-24 12:00 AM

42

nessus

Amazon Linux AMI : kernel (ALAS-2024-1942)

The version of kernel installed on the remote host is prior to 4.14.348-187.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1942 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

6.5CVSS

8.1AI Score

0.0004EPSS

2024-06-24 12:00 AM

nessus

Amazon Linux 2 : kernel (ALAS-2024-2581)

The version of kernel installed on the remote host is prior to 4.14.348-265.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2581 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

6.5CVSS

8.8AI Score

0.0004EPSS

2024-06-24 12:00 AM

5

hp

AMD Client UEFI – Cross-Process Information Leak

AMD has informed HP of a potential security vulnerability identified in some AMD client processors, which might allow information disclosure. AMD released firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified...

5.5CVSS

7AI Score

0.001EPSS

2024-06-24 12:00 AM

githubexploit

Exploit for Command Injection in Contec Solarview Compact Firmware

SolarView Compact 6.00 Command Injection Exploit...

9.8CVSS

10AI Score

0.963EPSS

2024-06-22 05:54 PM

87

githubexploit

Exploit for Command Injection in Contec Solarview Compact Firmware

SolarView Compact 6.00 Command Injection Exploit...

9.8CVSS

10AI Score

0.963EPSS

2024-06-22 05:54 PM

92

nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...

8CVSS

8.4AI Score

EPSS

2024-06-22 12:00 AM

4

githubexploit

Exploit for Code Injection in Openplcproject Openplc V3 Firmware

This script automatically exploits vulnerability in OpenPLC Web...

8.8CVSS

9.1AI Score

0.006EPSS

2024-06-21 10:10 PM

115

redhatcve

Metasploit Weekly Wrap-Up 06/21/2024

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0...

6.7AI Score

0.0004EPSS

2024-06-21 07:53 PM

1

redhatcve

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not...

6.7AI Score

0.0004EPSS

2024-06-21 07:52 PM

redhatcve

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0...

6.9AI Score

0.0004EPSS

2024-06-21 07:52 PM

redhatcve

CVE-2024-31076

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the...

6.8AI Score

0.0004EPSS

2024-06-21 07:20 PM

rapid7blog

Argument Injection for PHP on Windows This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...

9.8CVSS

8.9AI Score

0.967EPSS

2024-06-21 06:53 PM

12

wallarmlab

CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models

ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....

9.8CVSS

7.8AI Score

0.001EPSS

2024-06-21 05:13 PM

6

redhatcve

CVE-2024-37356

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). In dctcp_update_alpha(), we use a module parameter dctcp_shift_g as follows: alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g); ... delivered_ce <<= (10 - dctcp_s...

6.8AI Score

0.0004EPSS

2024-06-21 02:52 PM

4

redhatcve

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....

6.8AI Score

0.0004EPSS

2024-06-21 02:26 PM

1

redhatcve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

7.8CVSS

6.3AI Score

0.0004EPSS

2024-06-21 01:52 PM

4

redhatcve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

6.3AI Score

0.0004EPSS

2024-06-21 01:52 PM

1

debiancve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-21 12:15 PM

12

nvd

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

7.8CVSS

0.0004EPSS

2024-06-21 12:15 PM

2

cve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

7.8CVSS

6.2AI Score

0.0004EPSS

2024-06-21 12:15 PM

25

debiancve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

6.8AI Score

0.0004EPSS

2024-06-21 12:15 PM

2

cve

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

6.3AI Score

0.0004EPSS

2024-06-21 12:15 PM

22

nvd

CVE-2024-34777 dma-mapping: benchmark: fix node id validation

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

0.0004EPSS

2024-06-21 12:15 PM

3

cvelist

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN:...

0.0004EPSS

2024-06-21 11:18 AM

9

vulnrichment

CVE-2024-39277 dma-mapping: benchmark: handle NUMA_NO_NODE correctly

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

6.5AI Score

0.0004EPSS

2024-06-21 11:15 AM

1

cvelist

CVE-2024-39277 dma-mapping: benchmark: handle NUMA_NO_NODE correctly

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

0.0004EPSS

2024-06-21 11:15 AM

2

cve

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0...

6.3AI Score

0.0004EPSS

2024-06-21 11:15 AM

21

debiancve

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 ...

6.8AI Score

0.0004EPSS

2024-06-21 11:15 AM

2

nvd