Lucene search
K

1080 matches found

Rockylinux
Rockylinux
added 2025/12/04 9:5 a.m.19 views

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

7.5CVSS7.5AI score0.99999EPSS
Exploits19
Rockylinux
Rockylinux
added 2025/12/04 9:3 a.m.11 views

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

7.5CVSS7.5AI score0.99999EPSS
Exploits19
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49164

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.8.1 through 12.11.4 WatchGuard Fireware OS versions 2025.1 through 2025.1.2 Description A flaw exists within the Fireware OS that could allow an attacker to circumvent the boot time system integrity check. Th...

6.7CVSS6.5AI score0.00107EPSS
Exploits0References6
NVD
NVD
added 2025/11/24 5:16 p.m.5 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

8.8CVSS0.00269EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.1 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

7.4AI score0.00269EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.9 views

CVE-2025-63434

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

0.00269EPSS
Exploits1References2
CVE
CVE
added 2025/11/24 12:0 a.m.17 views

CVE-2025-63434

CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...

8.8CVSS7.4AI score0.00269EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.9 views

PT-2025-47948

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...

7.8AI score0.00269EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/21 12:31 p.m.4 views

CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...

9.8CVSS7.7AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 4:15 p.m.27 views

CVE-2025-63220

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2CVSS0.00404EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.8 views

PT-2025-47463

Name of the Vulnerable Software and Affected Versions Sound4 FIRST affected versions not specified Description The Sound4 FIRST web-based management interface is susceptible to Remote Code Execution RCE through a maliciously crafted firmware update package. The system’s update process does not...

7.2CVSS7.5AI score0.00404EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

Sound4 FIRST 安全漏洞

Sound4 FIRST is an audio processor for broadcasting from Sound4 France. A security vulnerability exists in Sound4 FIRST that stems from a firmware update mechanism that does not validate the integrity of manual.sh, which could lead to remote code execution...

7.2CVSS7.8AI score0.00404EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.3 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.3AI score0.00413EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.10 views

Siemens SIMATIC S7-1500 Improper Validation of Integrity Check Value (CVE-2021-22922)

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and...

6.5CVSS6.5AI score0.04313EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.3 views

Lexmark Printers Improper Validation of Integrity Check Value (CVE-2023-50738)

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. Lexmark documentation recommends that access to the Firmware Updates be restricted to trusted personnel. %NASLMINLEVEL 80900 C Tenable, Inc...

4.3CVSS5.2AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/04 3:48 p.m.1 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to the protocDigest parameter being ignored when the protoc executable is sourced from the system PATH. An attacker can bypass integrity verification by placing a malicious protoc binary...

2.5CVSS7.3AI score
Exploits0References2
NVD
NVD
added 2025/10/24 11:15 p.m.6 views

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

7CVSS0.00137EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.8 views

PT-2025-43687

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The firmware update mechanism for Deck Mate 2 does not verify cryptographic signatures on update packages. Updates are encrypted using a single, hard-coded AES key shared across all devic...

7CVSS7.4AI score0.00137EPSS
Exploits0References12
NVD
NVD
added 2025/10/22 2:15 p.m.4 views

CVE-2023-53709

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rbmovetail and rbcheckpages It seems a data race between ringbuffer writing and integrity check. That is, RBFLAG of headpage is been updating, while at same time RBFLAG was cleared when doing...

0.00182EPSS
Exploits0References5
OSV
OSV
added 2025/10/22 2:15 p.m.2 views

UBUNTU-CVE-2023-53709

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rbmovetail and rbcheckpages It seems a data race between ringbuffer writing and integrity check. That is, RBFLAG of headpage is been updating, while at same time RBFLAG was cleared when doing...

5.9AI score0.00182EPSS
Exploits0References8
Rows per page
Query Builder