Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...
6.6CVSS
6.7AI Score
0.0004EPSS
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...
6.7CVSS
7.3AI Score
0.0004EPSS
Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...
6CVSS
7.2AI Score
0.0004EPSS
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation...
5.7CVSS
6.5AI Score
0.0004EPSS
Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without...
5.5CVSS
6.5AI Score
0.0004EPSS
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper...
4CVSS
6.5AI Score
0.0004EPSS
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific...
4.3CVSS
6.6AI Score
0.0004EPSS
Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...
4CVSS
6.2AI Score
0.0004EPSS
Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory...
6CVSS
6.8AI Score
0.0004EPSS
Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...
4CVSS
6.2AI Score
0.0004EPSS
A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control...
4.4CVSS
6.7AI Score
0.0004EPSS
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a...
2.4CVSS
6.4AI Score
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8CVSS
7.5AI Score
EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
6.8AI Score
0.0004EPSS
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC...
8.4CVSS
7.1AI Score
0.001EPSS
7.5CVSS
6.8AI Score
0.0004EPSS
8.4CVSS
7.1AI Score
0.001EPSS
Memory corruption when the channel ID passed by user is not validated and further...
7.8CVSS
7.1AI Score
0.0004EPSS
7.3CVSS
7.1AI Score
0.0005EPSS
Memory corruption when size of buffer from previous call is used without validation or...
8.4CVSS
7.3AI Score
0.001EPSS
5.9CVSS
7.1AI Score
0.0004EPSS
Memory corruption when the payload received from firmware is not as per the expected protocol...
7.8CVSS
7.2AI Score
0.0004EPSS
8.4CVSS
7.1AI Score
0.001EPSS
8.4CVSS
7.2AI Score
0.001EPSS
6.8CVSS
6.7AI Score
0.001EPSS
Memory corruption when the bandpass filter order received from AHAL is not within the expected...
6.7CVSS
7.1AI Score
0.0004EPSS
Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...
6.1CVSS
6.6AI Score
0.0004EPSS
Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is...
7.5CVSS
6.9AI Score
0.0005EPSS
Memory corruption while copying the sound model data from user to kernel buffer during sound model...
6.7CVSS
7AI Score
0.0004EPSS
Memory corruption while querying module parameters from Listen Sound model client in kernel from user...
6.7CVSS
6.9AI Score
0.0004EPSS
Memory corruption while loading a VM from a signed VM image that is not coherent in the processor...
8.4CVSS
7AI Score
0.001EPSS
Memory corruption when multiple listeners are being registered with the same file...
6.7CVSS
7.1AI Score
0.0004EPSS
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs
Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like.....
7.1AI Score
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...
8.1AI Score
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
7.3AI Score
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.5AI Score
0.0004EPSS
E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer.....
6.5CVSS
6.7AI Score
0.0004EPSS
Oracle Linux 9 : kernel (ELSA-2024-2394)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2394 advisory. An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results...
9.8CVSS
8.2AI Score
0.003EPSS
Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...
8CVSS
8.2AI Score
0.0005EPSS
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.1AI Score
0.001EPSS
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.1AI Score
0.001EPSS
CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
7.7AI Score
0.001EPSS
CVE-2023-42128 Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must...
8CVSS
8.3AI Score
0.001EPSS
HP Application Enabling Software Driver - Privileged File Overwrite
A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. Mitigation is available in HP Application...
7.5AI Score
0.0004EPSS
Photo Gallery by 10Web < 1.8.21 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an...
5.3CVSS
7AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1AI Score
EPSS
Microsoft introduces passkeys for consumer accounts
Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision.....
7.2AI Score
Chirp Systems Chirp Access (Update C)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.3 ATTENTION: Low attack complexity Vendor: Chirp Systems Equipment: Chirp Access Vulnerability: Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to adjust the Beacon configuration settings...
4.3CVSS
9AI Score
0.0004EPSS
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
7.5AI Score