Snapshot
Nov. 2, 2024 - Nov. 8, 2024
CISA Known Exploited Vulnerabilities |
||||
|---|---|---|---|---|
| CVE | Summary | Severity | Vendor | Date Added |
| CVE-2024-8957 | PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. | CRITICAL | PTZOptics | Nov. 4, 2024 |
| CVE-2024-8956 | PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root. | CRITICAL | PTZOptics | Nov. 4, 2024 |
Newswires |
||||
|
Cisco Patches Severe Vulnerability in URWB Access Points
Cisco has rectified a high-severity vulnerability that could enable attackers to execute commands with root privileges on susceptible Ultra-Reliable Wireless Backhaul (URWB) access points. |
Nov. 6, 2024 |
|||
|
ToxicPanda Android Botnet Attacks Banks in Europe and Latin America
A new Android banking Trojan known as ToxicPanda has been discovered attacking financial institutions across Latin America and Europe. |
Nov. 5, 2024 |
|||
|
Google Addresses Two Actively Exploited Android Zero-Days in November Security Updates
Google has patched two zero-day vulnerabilities in Android that were being actively exploited in the wild. |
Nov. 5, 2024 |
|||
|
Custom 'Pygmy Goat' Malware Targets Sophos Firewall in Government Network Attack
The UK's National Cyber Security Centre (NCSC) has released an analysis of a Linux malware called 'Pygmy Goat' that was created to infiltrate Sophos XG firewall devices. |
Nov. 4, 2024 |
|||
|
Ollama AI Framework Vulnerabilities: DoS, Model Theft, and Poisoning Possible
Security researchers have unveiled six significant security vulnerabilities within the Ollama artificial intelligence (AI) framework. |
Nov. 4, 2024 |
|||
|
Microsoft SharePoint Remote Code Execution Vulnerability Exploited in Corporate Network Breach
A high-severity remote code execution (RCE) vulnerability in Microsoft SharePoint, known as CVE-2024-38094, has been exploited to breach corporate networks. |
Nov. 2, 2024 |
|||
Vulnerabilities In The News |
||||
| CVE | Summary | Severity | Vendor | Risk Context |
| CVE-2024-20418 (2) | A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable ... | CRITICAL |
Actively Exploited |
|
| CVE-2024-10386 (2) | CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. | CRITICAL | Rockwellautomation | Risk Context N/A |
| CVE-2024-8957 (2) | PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. | CRITICAL | Ptzoptics |
CISA Known Exploited |
| CVE-2022-1040 (2) | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Fir... | CRITICAL | Sophos |
CISA Known Exploited Remote Code Execution Public Exploits Available |
| CVE-2024-8956 (2) | PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. | CRITICAL | Ptzoptics |
CISA Known Exploited Remote Code Execution |
| CVE-2024-43047 (6) | Memory corruption while maintaining memory maps of HLOS memory. | HIGH | Qualcomm |
CISA Known Exploited Actively Exploited Remote Code Execution |
| CVE-2024-32896 (2) | there is a possible way to bypass due to a logic error in the code. | HIGH | Android, Google |
CISA Known Exploited Actively Exploited Remote Code Execution |
| CVE-2020-14979 (2) | The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integr... | HIGH | Evga, Winring0 Project | Risk Context N/A |
CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
PTZOptics — PT30X-SDI/NDI Cameras |
|
CVE-2024-8957 / Added: Nov. 4, 2024 |
|
CRITICAL CVSS 9.80 EPSS Score 1.10 EPSS Percentile 84.93 |
|
PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script. |
|
Headlines
|
PTZOptics — PT30X-SDI/NDI Cameras |
|
CVE-2024-8956 / Added: Nov. 4, 2024 |
|
CRITICAL CVSS 9.10 EPSS Score 1.97 EPSS Percentile 89.12 |
|
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root. |
|
Headlines
|
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-20418 |
|
CRITICAL CVSS 10.00 |
|
Actively Exploited |
|
Published: Nov. 6, 2024 |
|
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device. |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2024-10386 |
|
CRITICAL CVSS 9.80 EPSS Score 0.07 EPSS Percentile 32.58 |
|
Risk Context N/A |
|
Published: Oct. 25, 2024 |
|
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. |
|
Vendor Impacted: Rockwellautomation |
|
Product Impacted: Thinmanager |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2024-8957 |
|
CRITICAL CVSS 9.80 EPSS Score 1.10 EPSS Percentile 84.93 |
|
CISA Known Exploited |
|
Published: Sept. 17, 2024 |
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices. |
|
Vendor Impacted: Ptzoptics |
|
Products Impacted: Pt30x-Sdi, Pt30x-Sdi Firmware, Pt30x-Ndi-Xx-G2 Firmware, Pt30x-Sdi/ndi Cameras, Pt30x-Ndi-Xx-G2 |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2022-1040 |
|
CRITICAL CVSS 9.80 EPSS Score 97.46 EPSS Percentile 99.97 |
|
CISA Known Exploited Remote Code Execution Public Exploits Available |
|
Published: March 25, 2022 |
|
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. |
|
Vendor Impacted: Sophos |
|
Products Impacted: Firewall, Sfos |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2024-8956 |
|
CRITICAL CVSS 9.10 EPSS Score 1.97 EPSS Percentile 89.12 |
|
CISA Known Exploited Remote Code Execution |
|
Published: Sept. 17, 2024 |
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file. |
|
Vendor Impacted: Ptzoptics |
|
Products Impacted: Pt30x-Sdi, Pt30x-Sdi Firmware, Pt30x-Ndi-Xx-G2 Firmware, Pt30x-Sdi/ndi Cameras, Pt30x-Ndi-Xx-G2 |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2024-43047 |
|
HIGH CVSS 7.80 EPSS Score 0.06 EPSS Percentile 29.28 |
|
CISA Known Exploited Actively Exploited Remote Code Execution |
|
Published: Oct. 7, 2024 |
|
Memory corruption while maintaining memory maps of HLOS memory. |
|
Vendor Impacted: Qualcomm |
|
Products Impacted: Sd660 Firmware, Sa6155p, Fastconnect 6900 Firmware, Snapdragon 660 Mobile Firmware, Qca6595au Firmware, Wcn3988, Snapdragon 888 5g Mobile Firmware, Sa8195p Firmware, Sa8295p, Qcs410 Firmware, Snapdragon Auto 5g Modem-Rf Firmware, Snapdragon 680 4g Mobile, Snapdragon 870 5g Mobile Firmware, Snapdragon Auto 5g Modem-Rf, Wcd9380, Sg4150p Firmware, Snapdragon 680 4g Mobile Firmware, Sa8150p, Sa6155p Firmware, Wsa8830 Firmware, Sa8155p, Sa8155p Firmware, Wsa8810, Qca6436 Firmware, Qca6696, Wcn3988 Firmware, Sd865 5g, Qca6174a Firmware, Wcn3980, Video Collaboration Vc1, Qca6696 Firmware, Snapdragon Xr2 5g Firmware, Wcn3980 Firmware, Qca6574au Firmware, Snapdragon 8 Gen 1 Mobile Firmware, Sa6150p Firmware, Fastconnect 6900, Sd865 5g Firmware, Wsa8835 Firmware, Snapdragon 8 Gen 1 Mobile, Snapdragon 870 5g Mobile, Wcd9341, Wcd9341 Firmware, Qca6174a, Wcd9335 Firmware, Wcd9335, Wcd9370, Qca6584au, Wcn3990 Firmware, Sa6145p Firmware, Fastconnect 6800, Snapdragon 865\+ 5g Mobile Firmware, Snapdragon 888\+ 5g Mobile... |
|
Quotes
|
|
Headlines
|
| Back to top ↑ |
CVE-2024-32896 |
|
HIGH CVSS 7.80 EPSS Score 0.08 EPSS Percentile 36.42 |
|
CISA Known Exploited Actively Exploited Remote Code Execution |
|
Published: June 13, 2024 |
|
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
|
Vendors Impacted: Android, Google |
|
Products Impacted: Android, Pixel |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
CVE-2020-14979 |
|
HIGH CVSS 7.80 EPSS Score 0.04 EPSS Percentile 5.12 |
|
Risk Context N/A |
|
Published: Aug. 11, 2020 |
|
The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process. |
|
Vendors Impacted: Evga, Winring0 Project |
|
Products Impacted: Winring0, Precision X1 |
|
Quotes
|
|
Headlines |
| Back to top ↑ |
Accelerate Security Teams
Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.
