Lucene search
K

582 matches found

RedHat Linux
RedHat Linux
added 2023/10/18 11:16 p.m.4 views

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

7.5CVSS7.3AI score0.01107EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/10/18 4:26 p.m.6 views

nodejs: integrity checks according to policies can be circumvented

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...

7.5CVSS7.3AI score0.01107EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/17 1:0 a.m.2 views

SUSE CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

6.5CVSS7.8AI score0.01107EPSS
Exploits0References13
Metasploit
Metasploit
added 2023/09/14 7:51 p.m.265 views

Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability

A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. The clfs.sys driver contains a function CreateLogFile that is used to create open and edit '.blf' base log format...

7.8CVSS8AI score0.48973EPSS
Exploits10
0day.today
0day.today
added 2023/09/14 12:0 a.m.497 views

Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit

A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files. This module requires...

7.8CVSS7.2AI score0.48973EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.21 views

Oracle Linux 5 : ELSA-2016-0045-1: / kernel (ELSA-2016-00451)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-00451 advisory. - The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote...

6.4AI score0.06267EPSS
Exploits0References3
CNVD
CNVD
added 2023/08/29 12:0 a.m.19 views

Remote Command Execution Vulnerability in NC Cloud of UFIDA Network Technology Co.

NC Cloud is a large-scale enterprise digital platform that deeply applies new-generation digital intelligence technology and is completely based on cloud-native architecture to create an open, interconnected, converged and intelligent integrated cloud platform. A remote command execution...

7.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/17 5:6 p.m.17 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4CVSS6.5AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2023/08/17 5:6 p.m.23 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4CVSS7.3AI score0.00395EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.3 views

AudioCodes VoIP Data Forgery Issue Vulnerability

AudioCodes VoIP is a series of desk phones from the Israeli company AudioCodes. A security vulnerability exists in AudioCodes VoIP desk phones version 3.4.4.1000 and prior versions, which stems from the validation of firmware images that only contain simple checksums for different firmware...

7.8CVSS6.8AI score0.003EPSS
Exploits2References6
OSV
OSV
added 2023/07/27 11:0 a.m.8 views

USN-6259-1 open-iscsi vulnerabilities

Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...

8.2CVSS6.9AI score0.03912EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-35500 · Git-Annex · Git-Annex

Name of the Vulnerable Software and Affected Versions: git-annex versions prior to 6.20160419 Description: A bug in git-annex exposed the checksum of annexed files to encrypted special remotes, which should not have access to this information. This issue occurred when resuming uploads to the...

7.3AI score
Exploits0References6
IBM AIX
IBM AIX
added 2023/05/26 9:26 a.m.114 views

AIX is vulnerable to security restrictions bypass due to curl

IBM SECURITY ADVISORY First Issued: Fri May 26 09:26:13 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to curl CVE-2022-32221...

9.8CVSS6.5AI score0.04325EPSS
Exploits1
Veracode
Veracode
added 2023/04/24 9:40 a.m.16 views

Authorization Bypass

libcpan-checksums-perl is vulnerable to Authorization Bypasses. Checksums generates CHECKSUMSs recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS...

6.5CVSS6.2AI score0.00956EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2023/04/21 12:0 a.m.8 views

Fedora: Security Advisory for zchunk (FEDORA-2023-b41b7b1f37)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/04/20 5:24 a.m.8 views

[SECURITY] Fedora 36 Update: zchunk-1.3.1-1.fc36

zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...

6.6AI score
Exploits0
OpenVAS
OpenVAS
added 2023/04/16 12:0 a.m.6 views

Fedora: Security Advisory for zchunk (FEDORA-2023-86dce75007)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/04/15 2:16 a.m.14 views

[SECURITY] Fedora 38 Update: zchunk-1.3.1-1.fc38

zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.4 views

Adobe Substance 3D Stager 缓冲区错误漏洞

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Stager in versions 2.0.1 and earlier. The vulnerability stems from a failure to perform security checksums on parameters in a user's context,...

7.8CVSS7.2AI score0.00412EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/04/07 12:0 a.m.6 views

Fedora: Security Advisory for zchunk (FEDORA-2023-5a4fd08de9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder