K000140029: libcurl vulnerability CVE-2024-2398
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...
6.6AI Score
0.0004EPSS
Linux kernel (HWE) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-hwe-6.5 - Linux hardware enablement (HWE) kernel Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.5AI Score
0.001EPSS
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
0.001EPSS
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
8.4AI Score
0.001EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
6.7AI Score
0.001EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
0.001EPSS
7.8CVSS
8.8AI Score
0.001EPSS
RHEL 7 : linux-firmware (RHSA-2024:3939)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
8.2CVSS
7.4AI Score
0.0005EPSS
7.5CVSS
7.9AI Score
0.005EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:2005-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
openSUSE: Security Advisory for kernel (SUSE-SU-2024:1990-1)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
linux-nvidia-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
7.4AI Score
0.001EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
7.2AI Score
0.0004EPSS
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...
6.8AI Score
0.0004EPSS
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...
0.0004EPSS
alsa-sof-firmware bug fix and enhancement update
An update is available for alsa-sof-firmware. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....
6.8AI Score
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...
9.8CVSS
10AI Score
0.001EPSS
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...
9.8CVSS
0.001EPSS
CVE-2024-3912 ASUS Router - Upload arbitrary firmware
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...
9.8CVSS
8.1AI Score
0.001EPSS
CVE-2024-3912 ASUS Router - Upload arbitrary firmware
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...
9.8CVSS
0.001EPSS
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...
10CVSS
9.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....
7AI Score
0.0004EPSS
Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-27982 ...
8.2CVSS
6.9AI Score
0.0004EPSS
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...
7AI Score
0.0004EPSS
9.8CVSS
7.4AI Score
0.005EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request....
9.8CVSS
9.7AI Score
0.937EPSS
9.8CVSS
7.4AI Score
0.919EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...
9.8CVSS
8.4AI Score
0.005EPSS
RICOH Printers Improper Authentication Vulnerability (Mar 2024)
Multiple RICOH printers and multifunction printers are prone to an improper authentication...
7.3AI Score
0.0004EPSS
Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged...
0.0004EPSS
Linux kernel (NVIDIA) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-nvidia-6.5 - Linux kernel for NVIDIA systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this...
7.8CVSS
7.5AI Score
0.001EPSS
Fortinet Fortigate (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
7.5CVSS
7AI Score
0.013EPSS
In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
5.9AI Score
0.0004EPSS
In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
0.0004EPSS
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for...
6.2AI Score
0.0004EPSS
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
6AI Score
0.0004EPSS
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
0.0004EPSS
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
6AI Score
0.0004EPSS
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
0.0004EPSS
In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for...
0.0004EPSS
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
0.0004EPSS
In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
5.9AI Score
0.0004EPSS
In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
6.2AI Score
0.0004EPSS
In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for...
0.0004EPSS
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
0.0004EPSS
In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
6.3AI Score
0.0004EPSS
In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for...
0.0004EPSS