Aggregator

The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)

A vulnerability was found in Lenovo HX5530 Appliance XCC, HX7530 Appliance XCC, ST250 V3 XCC, VX3331 Certified Node XCC, HX Enclosure Certified Node XCC, HX1021 Edge Certified Node 3yr XCC, HX1320 Appliance XCC, HX1321 Certified Node XCC, HX1331 Certified Node XCC, HX1520-R Appliance XCC, HX1521-R Certified Node XCC, HX2320-E Appliance XCC, HX2321 Certified Node XCC, HX2330 Appliance XCC, HX2331 Certified Node XCC, HX2720-E Appliance XCC, HX3320 Appliance XCC, HX3321 Certified Node XCC, HX3330 Appliance XCC, HX3331 Certified Node XCC, HX3331 Node SAP HANA XCC, HX3375 Appliance XCC, HX3376 Certified Node XCC, HX3520-G Appliance XCC, HX3521-G Certified Node XCC, HX3720 Appliance XCC, HX3721 Certified Node XCC, HX5520 Appliance XCC, HX5520-C Appliance XCC, HX5521 Certified Node XCC, HX5521-C Certified Node XCC, HX5531 Certified Node XCC, HX7520 Appliance XCC, HX7521 Certified Node XCC, HX7530 Appl for SAP HANA XCC, HX7531 Certified Node XCC, HX7531 Node SAP HANA XCC, HX7820 Appliance XCC, HX7821 Certified Node XCC, MX Edge Appliance - MX1020 XCC, MX3330-F All-flash Appliance XCC, MX3330-H Hybrid Appliance XCC, MX3331-F All-flash Certified node XCC, MX3331-H Hybrid Certified node XCC, MX3530 F All flash Appliance XCC, MX3530-H Hybrid Appliance XCC, MX3531 H Hybrid Certified node XCC, MX3531-F All-flash Certified node XCC, P920 Rack Workstation (ThinkStation) XCC, SD530 XCC, SD530 V3 XCC, SD550 V3 XCC, SD630 V2 XCC, SD650 DWC Dual Node Tray XCC, SD650 V2 XCC, SD650 V3 XCC, SD650-N V2 XCC, SD665 V3 XCC, SE350 XCC, SE350 V2 XCC, SE360 V2 XCC, SE450 XCC, SE455 V3 XCC, SN550 XCC, SN550 V2 XCC, SN850 XCC, SR150 XCC, SR158 XCC, SR250 XCC, SR250 V2 XCC and SR250 V3 XC. It has been rated as critical. This issue affects some unknown processing of the component IPMI Command Handler. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-8278. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vaultwarden 1.30.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-39925. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Lenovo XClarity Administrator up to 4.0. It has been classified as problematic. This affects an unknown part of the component URL Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2024-45101. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vaultwarden 1.30.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-39924. The attack needs to be approached within the local network. There is no exploit available.

ISMG Compendium Showcases More Than 50 Interviews on Threats, Emerging Solutions
Welcome to Information Security Media Group's Black Hat and DEF CON 2024 Compendium featuring latest insights from the industry's top cybersecurity researchers and ethical hackers, as well as perspectives from CEOs, CISOs and government officials on the latest trends in cybersecurity and AI.

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries Pierluigi Paganini S

A vulnerability has been found in lunary-ai lunary up to 1.4.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-6862. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AutomationDirect DirectLogic H2-DM1E up to 2.8.0. Affected is an unknown function. The manipulation leads to session fixiation. This vulnerability is traded as CVE-2024-45368. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Eaton Foreseer 7.6/7.8.500. This issue affects some unknown processing. The manipulation leads to improper validation of specified quantity in input. The identification of this vulnerability is CVE-2024-31416. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Eaton Foreseer 7.6. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2024-31415. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Eaton Foreseer 7.6. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-31414. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in lunary-ai lunary up to 1.4.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file saml.ts of the component Setting Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-6582. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AutomationDirect DirectLogic H2-DM1E up to 2.8.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass by capture-replay. This vulnerability is known as CVE-2024-43099. The attack needs to be approached within the local network. There is no exploit available.