NVD disclosure day

Published threat advisories for December 27, 2024

CVE advisory | Known Exploit

CVE-2024-12987

DrayTek Routers Command Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A command injection vulnerability exists in the web management interface of certain DrayTek routers, allowing remote attackers to execute OS commands. This poses a risk of unauthorized system control and data compromise. Prompt patching is recommended.

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-53197

Linux Kernel: USB Audio Driver Out-of-Bounds Access Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

The Linux kernel's USB audio driver has an out-of-bounds access vulnerability. An attacker with physical access could connect a malicious USB device to manipulate system memory. This impacts organizations using specific Linux kernel versions, posing a risk of data corruption or unauthorized code execution.

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-3393

Palo Alto Networks PAN-OS Denial of Service Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A Denial of Service vulnerability in Palo Alto Networks' PAN-OS software affects its DNS Security feature. An unauthenticated attacker can exploit this by sending a malicious packet, causing the firewall to reboot. Repeated exploitation can lead to the firewall entering maintenance mode, disrupting network availability.

• CISA KEV