Lucene search
K

2474 matches found

CNNVD
CNNVD
added 2023/10/17 12:0 a.m.2 views

Aruba Networks AirWave Management Platform Security Vulnerability

Aruba Networks AirWave Management Platform, from Aruba Networks, provides granular visibility into wired and wireless networks and is the leading multi-vendor management platform designed for local campus environments. A security vulnerability exists in the Aruba Networks AirWave Management...

6.8CVSS6.3AI score0.00444EPSS
Exploits0References2
Krebs on Security
Krebs on Security
added 2023/10/10 10:51 p.m.83 views

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS...

7.5CVSS8AI score0.99999EPSS
Exploits22
OSV
OSV
added 2023/10/06 2:15 p.m.3 views

CVE-2023-35897

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...

7.8CVSS6.1AI score0.00234EPSS
Exploits0References2
Prion
Prion
added 2023/10/06 2:15 p.m.20 views

Code injection

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...

4.4CVSS7.6AI score0.00234EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/06 1:6 p.m.76 views

CVE-2023-35897

IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware/Hyper-V) versions 8.1.0.0–8.1.19.0 are affected by a DLL hijacking flaw that could allow a local user to execute arbitrary code via a specially crafted file. The issue impacts Wi...

8.4CVSS7.9AI score0.00234EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2023/10/06 12:0 a.m.1 views

IBM Spectrum Protect Code Issue Vulnerability

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud...

8.4CVSS7.3AI score0.00234EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/06 12:0 a.m.8 views

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to enhance their privileges and execute arbitrary codes.

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

7.8CVSS6.2AI score0.00278EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 1:0 p.m.120 views

Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to arbitrary code execution due to a DLL hijacking flaw (CVE-2023-35897)

Summary IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by a DLL hijacking flaw CVE-2023-35897. The flaw can lead to arbitrary code execution, as described in the "Vulnerability...

8.4CVSS8.1AI score0.00234EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.3 views

Qualcomm Chip Security Breach

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip has a security vulnerability that stems from a weak...

8.2CVSS6.8AI score0.00104EPSS
Exploits0References2
OSV
OSV
added 2023/09/26 7:35 p.m.30 views

GHSA-R5HM-MP3J-285G sing-box vulnerable to improper authentication in the SOCKS inbound

Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. Workarounds Don't expose the SOCKS5 inbound to insecure environments...

9.1CVSS9.4AI score0.00679EPSS
Exploits0References6
Prion
Prion
added 2023/09/25 8:15 p.m.17 views

Authentication flaw

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...

7.5CVSS9.5AI score0.00679EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/25 7:12 p.m.27 views

CVE-2023-43644 Improper authentication in the SOCKS5 inbound in sing-box

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...

9.1CVSS9.8AI score0.00679EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/25 7:12 p.m.18 views

CVE-2023-43644 Improper authentication in the SOCKS5 inbound in sing-box

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...

9.1CVSS9.6AI score0.00679EPSS
Exploits0References1
Kitploit
Kitploit
added 2023/09/18 11:30 a.m.20 views

Surf - Escalate Your SSRF Vulnerabilities On Modern Cloud Environments

surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending a HTTP request from your machine to each host, collecting all the hosts that did not respond, and then filtering them into a list of externally facing and internally facing hosts. You ca...

7AI score
Exploits0References2
Metasploit
Metasploit
added 2023/09/17 10:5 p.m.243 views

Windows Gather Virtual Environment Detection

This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and Parallels. This module requires Metasploit: https://metasploit.com/download Current source:...

7.2AI score
Exploits0
CNVD
CNVD
added 2023/09/14 12:0 a.m.23 views

Siemens RUGGEDCOM APE1808 Product Family Inside BIOS Vulnerability

The RUGGEDCOM APE1808 is a utility-grade application hosting platform that allows you to deploy a range of commercial edge computing and cybersecurity applications in harsh industrial environments. An Inside BIOS vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, which is cause...

4.7CVSS6.8AI score0.00143EPSS
Exploits0References1
Prion
Prion
added 2023/09/11 8:15 p.m.26 views

Remote code execution

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in...

5.8CVSS7.5AI score0.01262EPSS
Exploits2References1Affected Software1
Veracode
Veracode
added 2023/09/08 12:24 p.m.29 views

Information Disclosure

Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...

7.8CVSS6.7AI score0.00286EPSS
Exploits0References5Affected Software1
Talos Blog
Talos Blog
added 2023/09/06 4:46 p.m.40 views

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automations Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...

7.5CVSS6.9AI score0.03356EPSS
Exploits6
Ubuntu
Ubuntu
added 2023/09/06 12:31 a.m.77 views

USN-6342-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

7.8CVSS7.7AI score0.05794EPSS
Exploits1
Rows per page
Query Builder