Monthly
Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.
Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers with low privileges to achieve high-impact confidentiality, integrity, and availability violations through manipulation of nf_tables, nft_byteorder, or nft_meta components. The vulnerability requires local access and specific conditions to exploit but poses significant risk to system security with confirmed patch availability.
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 3.9 LOW]
After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.
A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data with high confidentiality and integrity impact, as reflected by the 9.1 CVSS score. The vulnerability is reachable over the network without privileges or user interaction, and no public exploit identified at time of analysis. The combination of authentication bypass tagging and DHCP's role as a core network infrastructure service makes this a high-priority issue for any Windows environment running the DHCP Server role.
Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers with low privileges to achieve high-impact confidentiality, integrity, and availability violations through manipulation of nf_tables, nft_byteorder, or nft_meta components. The vulnerability requires local access and specific conditions to exploit but poses significant risk to system security with confirmed patch availability.
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 3.9 LOW]
After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.
A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly zones by breaching the geofence using flaws in the function. Rated medium severity (CVSS 5.6). Public exploit code available.
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.