Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

Elvaco M-Bus Metering Gateway CMe3100

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elvaco Equipment: M-Bus Metering Gateway CMe3100 Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Insufficiently Protected Credentials. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, impersonate and send false information, or bypass authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Elvaco CMe3100, a metering gateway are affected: CMe3100: Version 1.12. 1 3.2 Vulnerability Overview 3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522) The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. CVE-2024-49396 has been assigned to t...

us-cert
#xss#vulnerability#web#rce#auth
CVE-2024-49023: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43579: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43595: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-43596: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43578: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43587: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43566: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: 🔻 Remote Code Execution – CUPS (CVE-2024-47176) and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks🔻 Remote Code Execution – Mozilla Firefox (CVE-2024-9680) […]

Hybrid Work Exposes New Vulnerabilities in Print Security

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.