Aggregator

A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA’s Known Exploited Vulnerabilities (KEV) catalog

DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. [...]

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

A vulnerability, which was classified as critical, was found in phpBG. Affected is an unknown function of the file intern/clan/member_add.php. The manipulation of the argument rootdir leads to improper input validation. This vulnerability is traded as CVE-2007-4636. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Sophos Intercept X on Windows and classified as problematic. This vulnerability affects unknown code of the component Device Encryption. The manipulation leads to use of unmaintained third party components. This vulnerability was named CVE-2024-8885. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

Чем Paragon Solutions оказалась лучше своих конкурентов, которых отменили власти США?

A vulnerability, which was classified as critical, was found in Schneider Elektronik Series 700 up to 0.1.17.6. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2024-35293. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Schneider Elektronik Series 700 up to 0.1.17.6. Affected by this issue is some unknown functionality. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2024-35294. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Canonical Juju up to 2.9.50/3.1.9/3.3.6/3.4.5/3.5.3. Affected by this vulnerability is an unknown functionality of the component Unix Domain Socket Handler. The manipulation leads to unprotected alternate channel. This vulnerability is known as CVE-2024-8038. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Canonical Juju up to 2.9.50/3.1.9/3.3.6/3.4.5/3.5.3. Affected is an unknown function of the file /var/lib/Juju/agents/unit-xxxx-yyyy/agent.socket of the component Unix Domain Socket Handler. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2024-8037. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Canonical Juju up to 2.9.50/3.1.9/3.3.6/3.4.5/3.5.3. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument JUJU_CONTEXT_ID leads to use of weak credentials. The identification of this vulnerability is CVE-2024-7558. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mestres do WP Checkout Mestres WP Plugin up to 8.6 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-44030. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in MinHyeong Lim MH Board Plugin up to 1.3.2.1 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-44017. It is possible to initiate the attack remotely. There is no exploit available.

​Microsoft is blocking Windows 24H2 upgrades on systems with incompatible Intel Smart Sound Technology (SST) audio drivers due to blue screen of death (BSOD) issues. [...]

A vulnerability, which was classified as critical, has been found in magzter Macau Business 3. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7327. The attack needs to be done within the local network. There is no exploit available.