58 matches found
EUVD-2022-33813
Malicious code in bioql PyPI...
EUVD-2022-30589
Malicious code in bioql PyPI...
EUVD-2023-27646
Malicious code in bioql PyPI...
CVE-2021-21952
An authentication bypass vulnerability exists in the CMDDEVICEGETRSAKEYREQUEST functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges...
A vulnerability in the Windows Virtual Hard Disk component of the Microsoft Windows operating system allows an attacker to escalate privileges.
The vulnerability in the Windows Virtual Hard Disk component of the Microsoft Windows operating system is a stack-based buffer overflow. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Vulnerabilities fixed in Microsoft Azure products
Microsoft has fixed vulnerabilities in Azure and various applications within Azure. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); remote code execution; user rights; access to sensitive data; access to system...
A vulnerability in the mapValues() function of the Async utility module allows unauthorized access to asynchronous JavaScript operations, enabling attackers to gain increased privileges.
The vulnerability in the mapValues function of the Async utility module, which is used for handling asynchronous JavaScript operations, stems from improperly controlled modification of object prototype attributes. Exploiting this vulnerability can allow a remote attacker to gain increased...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Cerberus, Ruggedcom, SCALANCE, Sentron, SIMATIC, Sinema, Sinteso, Siveillance and Solid Edge. The vulnerabilities potentially allow a malicious party to launch attacks that could lead to the following categories of damage:...
BIT-GHOST-2022-41654
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); remote code execution; administrator/root privileges; access to sensitive data; increased user privileges. The...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. A malicious person can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS); access to sensitive data; increased user privileges. The most serious vulnerability allows a malicious part...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS); circumvention of security measure; remote code execution; user rights; access to sensitive...
CVE-2023-23546
A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-23546
CVE-2023-23546 is a Milesight UR32L urvpn_client misconfiguration vulnerability. Talos identifies it as a pre-authentication/mitm-related issue enabling elevated privileges when an attacker can exploit weak certificate validation and related data handling. Public material details show multiple ch...
A vulnerability in the Windows Backup Service allows attackers to escalate their privileges.
The vulnerability in the Windows Backup Service of the operating system involves errors related to privilege management. Exploiting this vulnerability can allow an attacker to gain increased privileges...
CVE-2022-41654
CVE-2022-41654 affects Ghost Foundation Ghost 5.9.4. Cisco Talos details an authentication bypass in the newsletter subscription feature, enabling an unauthenticated or minimal-auth attacker to manipulate newsletters via the /members/api/member/ endpoint, potentially creating or modifying newslet...
CVE-2022-41654
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38065
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges...