MERIT LILIN ENT.CO.,LTD. Security Vulnerabilities

cve

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not...

5.5 CVSS

7.4 AI Score

0.0004 EPSS

2024-01-24 01:15 AM
11

cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-0601836)

Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...

7.6 AI Score

2023-12-27 12:00 AM
3

osv

Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability Summary: | Product | Grav CMS | | ----------------------- |...

8.6 AI Score

0.007 EPSS

2023-06-16 07:36 PM
8

openvas

Ubuntu: Security Advisory (USN-395-1)

The remote host is missing an update for...

7.5 AI Score

0.074 EPSS

2022-08-26 12:00 AM
1

cve

CVE-2024-22372

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...

6.8 CVSS

8.7 AI Score

0.0004 EPSS

2024-01-24 05:15 AM
10

osv

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | |...

8.3 AI Score

0.002 EPSS

2023-06-16 07:36 PM
12

cnvd

Command Execution Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-0589958)

RG-UAC Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product. A command execution vulnerability exists in the RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd,.....

7.5 AI Score

2023-12-22 12:00 AM
10

nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7 AI Score

2024-05-11 12:00 AM
37

cve

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted...

6.1 CVSS

7.3 AI Score

0.001 EPSS

2024-01-22 05:15 AM
7

nessus

Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...

8.2 AI Score

2024-05-06 12:00 AM
14

freebsd

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24 [1496250]...

7.8 AI Score

0.001 EPSS

2024-01-23 12:00 AM
5

cnvd

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Security....

7.9 AI Score

2023-11-14 12:00 AM
17

openvas

Mageia: Security Advisory (MGASA-2022-0376)

The remote host is missing an update for...

6.5 AI Score

0.004 EPSS

2022-10-19 12:00 AM
2

cnvd

Shanghai Zhongyun Digital Win Cloud Computing Technology Co., Ltd Shanghai Old Cadre APP has Logic Flaw Vulnerability

Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...

7 AI Score

2023-12-14 12:00 AM
4

thn

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected...

7.3 AI Score

2024-02-08 06:53 AM
17

openvas

Debian: Security Advisory (DSA-2902-1)

The remote host is missing an update for the...

7.7 AI Score

0.006 EPSS

2014-04-12 12:00 AM
12

openvas

Mageia: Security Advisory (MGASA-2022-0357)

The remote host is missing an update for...

7 AI Score

0.035 EPSS

2022-10-06 12:00 AM
2

cnvd

SQL Injection Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03265)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...

7.6 AI Score

2023-12-12 12:00 AM
5

openvas

Debian: Security Advisory (DSA-2736-1)

The remote host is missing an update for the...

6.6 AI Score

0.027 EPSS

2013-08-10 12:00 AM
3

cert

Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process....

7.2 AI Score

0.001 EPSS

2022-08-11 12:00 AM
129

cert

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....

7.6 AI Score

0.0004 EPSS

2024-04-03 12:00 AM
56

prion

Design/Logic Flaw

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

5.5 CVSS

7.4 AI Score

0.001 EPSS

2024-01-08 10:15 AM
8

cve

CVE-2023-48339

In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges...

4.4 CVSS

6.7 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
7

cve

CVE-2023-48359

In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
8

cve

CVE-2023-48355

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
9

cve

CVE-2023-48358

In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
9

cve

CVE-2023-48352

In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

5.5 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
16

cve

CVE-2023-48356

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

7.2 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
8

cve

CVE-2023-48354

In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges...

5.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-01-18 03:15 AM
10

apple

About the security content of macOS Monterey 12.7.3

About the security content of macOS Monterey 12.7.3 This document describes the security content of macOS Monterey 12.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

9.4 AI Score

0.009 EPSS

2024-01-22 12:00 AM
21

openvas

Debian: Security Advisory (DLA-1771-1)

The remote host is missing an update for the...

7.3 AI Score

0.053 EPSS

2019-05-04 12:00 AM
98

cnvd

Unauthorized Access Vulnerability in ShopXO of Shanghai Zongzig Technology Co.

ShopXO is an enterprise-level B2C open source e-commerce system. ShopXO has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...

6.8 AI Score

2023-12-16 12:00 AM
8

apple

About the security content of macOS Ventura 13.6.4

About the security content of macOS Ventura 13.6.4 This document describes the security content of macOS Ventura 13.6.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

9.5 AI Score

0.009 EPSS

2024-01-22 12:00 AM
7

cnvd

Command Execution Vulnerability in SuperMap iPortal of Beijing SuperMap Software Co.

SuperMap iPortal is a GIS portal platform for cloud computing, which enables the integration, discovery, sharing and management of various GIS resources such as maps, services, scenes and data, and also monitors multiple GIS servers within the organization to ensure the safe and stable operation...

7.2 AI Score

2022-03-13 12:00 AM
7

cnvd

Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...

7.5 AI Score

2022-02-21 12:00 AM
4

cnvd

Weak Password Vulnerability in MSG3100 at Resconda Technology Development Co.

MSG3100 is a box-type IP PBX product for government and enterprise customers, applicable to enterprises with less than 300 people, adopting 1U box-type design, used at the interface between enterprise internal network and access network, to meet the business needs of enterprise voice and data....

7 AI Score

2023-12-05 12:00 AM
7

cvelist

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

8.8 AI Score

0.001 EPSS

2024-01-16 12:00 AM

hackread

Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

By Deeba Ahmed. Group-IB Global Pvt. Ltd. has revealed shocking details on Inferno Drainer, a phishing operation targeting cryptocurrency wallet providers.…

7.3 AI Score

2024-01-16 06:26 PM
7

apple

About the security content of iOS 16.7.5 and iPadOS 16.7.5

About the security content of iOS 16.7.5 and iPadOS 16.7.5 This document describes the security content of iOS 16.7.5 and iPadOS 16.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

8.6 AI Score

0.001 EPSS

2024-01-22 12:00 AM
14

Total number of security vulnerabilities: 7785