If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...
7.3AI Score
Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...
7AI Score
Kaminari Insecure File Permissions Vulnerability
A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. Impact This vulnerability is of moderate...
6.5AI Score
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user...
6.9AI Score
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user...
6.9AI Score
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function....
6.9AI Score
0.0004EPSS
What is an Infosec Audit and Why Does Your Company Need One?
By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need...
7.4AI Score
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
CVE-2023-44487 affecting package containerized-data-importer for versions less than 1.55.0-15
CVE-2023-44487 affecting package containerized-data-importer for versions less than 1.55.0-15. A patched version of the package is...
8.5AI Score
0.72EPSS
software: busybox 1.36.1 OS: ROSA-CHROME package_evr_string: busybox-1.36.1-3 CVE-ID: CVE-2022-30065 BDU-ID: 2023-02631 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the copyvar function of the BusyBox suite of UNIX command line utilities is related to incorrect processing of a template...
8.1AI Score
0.011EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.8CVSS
7.6AI Score
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in...
7.8CVSS
7.4AI Score
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.6AI Score
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in...
7.4AI Score
MStore API < 3.9.8 - SQL Injection
The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...
7.7AI Score
0.001EPSS
JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for...
8AI Score
JVN#71404925: Multiple vulnerabilities in UTAU
UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection (CWE-78) CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 5.3 CVE-2024-28886 Path Traversal (CWE-22) CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.3 CVE-2024-32944 ## Impact If a...
7.8AI Score
7.4AI Score
0.0004EPSS
openSUSE 15 Security Update : libqt5-qtnetworkauth (openSUSE-SU-2024:0143-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2024:0143-1 advisory. - CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782). Tenable has extracted the preceding description block...
7.1AI Score
7.4AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...
7AI Score
0.0004EPSS
silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...
7.3AI Score
silverstripe/framework sends passwords back to browsers under some circumstances
Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or...
7.3AI Score
silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended...
6.9AI Score
silverstripe/framework BackURL validation bypass with malformed URLs
A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on BackURL parameters. This could lead to users entering sensitive data in malicious websites instead of the intended...
6.9AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...
7.2AI Score
Best Practices for Cloud Computing Security
By Owais Sultan Cloud security is crucial for businesses. Here are vital tips to safeguard your data, including choosing a secure… This is a post from HackRead.com Read the original post: Best Practices for Cloud Computing...
7.3AI Score
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...
6.9AI Score
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging...
6.9AI Score
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....
6.7AI Score
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the.....
6.7AI Score
silverstripe/framework's User-Agent header not correctly invalidating user session
A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user...
7.1AI Score
silverstripe/framework's User-Agent header not correctly invalidating user session
A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user...
7.1AI Score
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
8.1AI Score
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
5.9CVSS
8.1AI Score
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated. Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of...
7.2AI Score
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated. Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of...
7.2AI Score
CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
7.8AI Score
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
7.8AI Score
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing.....
7AI Score
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing.....
5.3CVSS
7.3AI Score
CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing.....
7AI Score
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
7AI Score
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
8.6CVSS
7.3AI Score
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
7AI Score