Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)
The remote host is missing an update for the Huawei...
5.9CVSS
6.6AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....
7.5AI Score
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | |...
8.8CVSS
8.3AI Score
EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.
DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...
9.8CVSS
7.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)
The remote host is missing an update for the Huawei...
4.7CVSS
6.1AI Score
0.015EPSS
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...
9.8CVSS
9.3AI Score
0.002EPSS
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...
9.8CVSS
9.6AI Score
0.002EPSS
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who.....
6.8AI Score
Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...
7AI Score
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1063)
The remote host is missing an update for the Huawei...
5.3CVSS
6.2AI Score
0.015EPSS
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)
The remote host is missing an update for the Huawei...
5.3CVSS
6.2AI Score
0.015EPSS
6.4AI Score
0.001EPSS
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious...
7.8CVSS
7.5AI Score
0.001EPSS
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3372-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...
5.5CVSS
6.5AI Score
0.0005EPSS
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and...
5.3CVSS
5.2AI Score
0.001EPSS
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and...
5.3CVSS
5.1AI Score
0.001EPSS
Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...
7.6AI Score
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3457-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) ...
5.5CVSS
6.5AI Score
0.0005EPSS
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3373-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...
5.5CVSS
6.5AI Score
0.0005EPSS
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted...
6.1CVSS
6.2AI Score
0.001EPSS
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...
8.8CVSS
7.5AI Score
0.001EPSS
SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389...
5.5CVSS
6.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)
The remote host is missing an update for the Huawei...
7.5CVSS
8.8AI Score
0.009EPSS
4.7CVSS
6.1AI Score
0.015EPSS
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...
6.8AI Score
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
7.1AI Score
8.8CVSS
8.4AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.0005EPSS
5.5CVSS
6.2AI Score
0.0005EPSS
8.8CVSS
8.4AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.0005EPSS
8.8CVSS
8.4AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.0005EPSS
Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process....
6.7CVSS
7.2AI Score
0.001EPSS
OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...
7.5CVSS
7.9AI Score
EPSS
talent500.co Cross Site Scripting vulnerability OBB-3757667
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
5.5CVSS
6.2AI Score
0.0005EPSS
9.8CVSS
7.6AI Score
0.006EPSS
8.8CVSS
8.4AI Score
0.001EPSS
4.7CVSS
6.6AI Score
0.025EPSS
7.8CVSS
6.5AI Score
0.01EPSS
9.8CVSS
7.6AI Score
0.006EPSS
Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for....
4.8CVSS
5.9AI Score
0.0004EPSS
5.9CVSS
6.2AI Score
0.001EPSS
8.8CVSS
6.5AI Score
0.004EPSS
9.8CVSS
7.6AI Score
0.006EPSS