Lucene search
+L

116 matches found

vulnrichment
vulnrichment
added 2024/08/19 12:0 a.m.13 views

CVE-2024-44083

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue...

9.5AI score0.01365EPSS
Exploits2References2
cnnvd
cnnvd
added 2024/08/19 12:0 a.m.5 views

Hex Rays IDA Pro 安全漏洞

Hex Rays IDA Pro is a powerful disassembler and a versatile debugger from Hex Rays Belgium. It is commonly used for reverse engineering. A security vulnerability exists in Hex Rays IDA Pro 8.4 and earlier versions, which stems from a possible crash of ida64.dll when processing a code section with...

7.5CVSS6.8AI score0.01365EPSS
Exploits2References3
cve
cve
added 2024/08/19 12:0 a.m.78 views

CVE-2024-44083

CVE-2024-44083 affects Hex-Rays IDA Pro (IDA64.dll)

7.5CVSS6.6AI score0.01365EPSS
Exploits2References2Affected Software1
ptsecurity
ptsecurity
added 2024/08/18 12:0 a.m.7 views

PT-2024-30940

Name of the Vulnerable Software and Affected Versions Hex-Rays IDA Pro versions 8.4 and earlier Description The issue occurs when there is a section with many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked, causing ida64.dll in Hex-Ra...

7.5CVSS6.2AI score0.01365EPSS
Exploits2References14
nvd
nvd
added 2024/06/10 6:15 p.m.32 views

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

9.6CVSS0.00435EPSS
Exploits0References1
cve
cve
added 2024/06/10 5:21 p.m.63 views

CVE-2024-36409

CVE-2024-36409 affects SuiteCRM before versions 7.14.4 and 8.6.1, where poor input validation enables an SQL Injection at the Tree data entry point. The root cause is inadequate input validation in the Tree entry point, allowing crafted input to alter database queries. Public advisories consisten...

9.6CVSS9.5AI score0.00435EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/06/10 5:21 p.m.19 views

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

9.6CVSS7.8AI score0.00435EPSS
Exploits0References3
debiancve
debiancve
added 2024/05/17 1:23 p.m.43 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5CVSS7.1AI score0.00222EPSS
Exploits0
githubexploit
githubexploit
added 2024/04/16 6:41 a.m.44 views

zMeedA

It is an offensive tool for Windows. The repository appears to b...

7.2AI score
Exploits0
osv
osv
added 2024/03/15 8:6 p.m.10 views

GHSA-69P4-J5V5-X234 Server/API for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7CVSS7.3AI score
Exploits0References3
githubexploit
githubexploit
added 2024/01/23 10:42 p.m.83 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

It is an exploit module targeting the GoAnywhere MFT vulnerabili...

9.8CVSS8.5AI score0.95086EPSS
Exploits8
malwarebytes
malwarebytes
added 2023/12/13 4:29 p.m.24 views

Malvertisers zoom in on cryptocurrencies and initial access

During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...

7.8AI score
Exploits0
osv
osv
added 2023/07/18 8:15 p.m.4 views

CVE-2023-37142

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees...

5.5CVSS5.8AI score0.00758EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/07/18 12:0 a.m.4 views

ChakraCore 资源管理错误漏洞

ChakraCore is a chakra-core open source JavaScript engine with C API. ChakraCore has a security vulnerability that stems from the inclusion of a segmentation violation in the function Js::EntryPointInfo::HasInlinees...

5.5CVSS5.6AI score0.00758EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 3:38 a.m.3 views

SUSE CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...

7.4CVSS6.7AI score0.00995EPSS
Exploits0References9
osv
osv
added 2022/12/02 11:4 a.m.5 views

OESA-2022-2122 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.CVE-2021-38578...

9.8CVSS7AI score0.00995EPSS
Exploits0References2
snyk
snyk
added 2022/06/23 9:25 a.m.2 views

Malicious Package

Overview @kraken-frontend/entry-point is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7AI score
Exploits0References3
attackerkb
attackerkb
added 2022/05/03 8:15 p.m.3 views

CVE-2022-28782

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...

4.6CVSS5.9AI score0.00101EPSS
Exploits0References2
osv
osv
added 2022/03/03 10:15 p.m.1 views

UBUNTU-CVE-2021-38578

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...

9.8CVSS6.8AI score0.00995EPSS
Exploits0References4
kitploit
kitploit
added 2021/10/18 11:30 a.m.30 views

ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries

C based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...

7.6AI score
Exploits0References1
Rows per page
Query Builder