Lucene search
+L

163 matches found

OSV
OSV
added 2024/11/27 7:59 p.m.10 views

MGASA-2024-0374 Updated zbar packages fix security vulnerabilities

A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...

9.8CVSS9.6AI score0.01787EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/11/27 11:30 a.m.5 views

Latest Multi-Stage Attack Scenarios with Real-World Examples

Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2024/11/26 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:4050-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.00809EPSS
Exploits0References5
NVD
NVD
added 2024/11/22 8:15 p.m.20 views

CVE-2024-6247

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...

6.8CVSS0.02175EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.56 views

CVE-2024-6247

CVE-2024-6247 involves Wyze Cam v3 where the OS command injection occurs through handling of SSIDs embedded in scanned QR codes. The root cause is improper validation of a user-supplied string used in a system call, enabling a local attacker with physical access to execute code as root on affecte...

6.8CVSS7.2AI score0.02175EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.23 views

CVE-2024-6247 Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...

6.8CVSS0.02175EPSS
Exploits0References2
OSV
OSV
added 2024/11/21 12:23 p.m.3 views

USN-7118-1 zbar vulnerabilities

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...

9.8CVSS5.8AI score0.01787EPSS
Exploits0References3
Talos Blog
Talos Blog
added 2024/11/20 11:0 a.m.7 views

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Cisco Talos' data, roughly 60% of all email containing a QR code is spam. Talos discovered two...

7.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/11/18 8:12 a.m.8 views

A week in security (November 11 – November 17)

Last week on Malwarebytes Labs: Malicious QR codes sent in the mail deliver malware 122 million people’s business contact info leaked by data broker Advertisers are pushing ad and pop-up blockers using old tricks Scammer robs homebuyers of life savings in $20 million theft spree Temu must respect...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/11/15 4:25 p.m.10 views

Malicious QR codes sent in the mail deliver malware

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre NCSC. The letters are sent as if they come from the official Swiss Federal Office of Meteorology and...

7AI score
Exploits0
NVD
NVD
added 2024/11/11 6:15 a.m.41 views

CVE-2024-51572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...

6.5CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/11 5:49 a.m.13 views

CVE-2024-51572 WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/11 5:49 a.m.42 views

CVE-2024-51572 WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS.This issue affects LH QR Codes: from n/a through = 1.06...

6.5CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2024/11/11 5:49 a.m.57 views

CVE-2024-51572

CVE-2024-51572 is a stored XSS in WordPress plugin LH QR Codes (versions

6.5CVSS5.9AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.7 views

WordPress plugin LH QR Codes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/10 12:0 a.m.11 views

PT-2024-34715 · Peter Shaw · Lh Qr Codes

Name of the Vulnerable Software and Affected Versions: LH QR Codes versions n/a through 1.06 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in Peter Shaw LH QR Codes...

6.5CVSS5.7AI score0.00243EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/10/31 11:43 a.m.8 views

WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin LH QR Codes versions = 1.06...

6.5CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/31 12:0 a.m.22 views

WordPress LH QR Codes Plugin <= 1.06 is vulnerable to Cross Site Scripting (XSS)

Software LH QR Codes Type Plugin Vulnerable versions = 1.06 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51572 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8fc226cfb24a Credits SOPROBRO Required privilege Contributor...

6.5CVSS6.5AI score0.00243EPSS
Exploits0References1Affected Software1
HackRead
HackRead
added 2024/10/25 2:47 p.m.9 views

Enhancing Study with QR Codes: A Modern Educational Tool

QR codes are enhancing education by giving students instant access to study resources, interactive homework, and collaborative tools.…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/11 5:13 p.m.23 views

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...

7AI score
Exploits0
Rows per page
Query Builder