
4936 matches found

OSV
added 2024/09/13 6:1 a.m., 19 views

RHSA-2010:0757 Red Hat Security Advisory: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2

Bulletin has no description...

CVSS 4.3 | AI score 6.2 | EPSS 0.04711
Exploits 0 | References 12

BDU FSTEC
added 2024/09/13 12:0 a.m., 6 views

The vulnerability in the xpub.cpp component of the ZeroMQ messaging library, related to improper memory release before deleting the last reference, allows a violator to trigger a service failure.

The vulnerability of the xpub.cpp component in the ZeroMQ messaging library relates to improper memory release before deleting the last reference. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.5 | AI score 7.2 | EPSS 0.01694
Exploits 0 | References 7 | Affected Software 3

CNNVD
added 2024/09/11 12:0 a.m., 4 views

Controller 6000 and Controller 7000 security vulnerability

The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand. The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...

CVSS 4.6 | AI score 6.5 | EPSS 0.00229
Exploits 0 | References 2

The Hacker News
added 2024/09/06 4:2 a.m., 12 views

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on...

AI score 7
Exploits 0

Packet Storm
added 2024/09/01 12:0 a.m., 196 views

Symantec Messaging Gateway 9.5 Log File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...

CVSS 5 | AI score 7 | EPSS 0.5883
Exploits 4

Packet Storm
added 2024/09/01 12:0 a.m., 249 views

Symantec Messaging Gateway 10 Exposure Of Stored AD Password

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...

CVSS 7.8 | AI score 7 | EPSS 0.0706
Exploits 6

The Hacker News
added 2024/08/27 4:8 p.m., 89 views

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...

CVSS 9.3 | AI score 8.6 | EPSS 0.99945
Exploits 33

CNNVD
added 2024/08/27 12:0 a.m., 2 views

Meshtastic device firmware security vulnerability

Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in the Meshtastic device firmware that stems from a denial of service vulnerability in MQTT...

CVSS 7.5 | AI score 6.6 | EPSS 0.00596
Exploits 0 | References 2

RedHat Linux
added 2024/08/26 11:5 a.m., 3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

CVSS 7.5 | AI score 7.5 | EPSS 0.81147
Exploits 9 | References 9

OSSF Malicious Packages
added 2024/08/26 1:28 a.m., 4 views

Malicious code in platform-client-messaging-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c2d8c135637c1c5dabdcf9238f0a282f34540de11eca662db70ccadf8260ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

OSV
added 2024/08/26 1:28 a.m., 5 views

MAL-2024-8036 Malicious code in platform-client-messaging-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c2d8c135637c1c5dabdcf9238f0a282f34540de11eca662db70ccadf8260ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

The Hacker News
added 2024/08/25 5:54 a.m., 28 views

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said t...

AI score 7.2
Exploits 0

BDU FSTEC
added 2024/08/23 12:0 a.m., 6 views

The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) allows a perpetrator to trigger a service failure.

The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures by...

CVSS 8.6 | AI score 5.8 | EPSS 0.00745
Exploits 0 | References 2 | Affected Software 2

NVD
added 2024/08/20 3:15 p.m., 54 views

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 5.3 | EPSS 0.00455
Exploits 0 | References 2

CVE
added 2024/08/20 2:37 p.m., 63 views

CVE-2024-42369

CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...

CVSS 5.3 | AI score 4.5 | EPSS 0.00455
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/08/20 2:37 p.m., 29 views

CVE-2024-42369 A room with itself as its predecessor will freeze matrix-js-sdk

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 4.1 | AI score 6.8 | EPSS 0.00455
Exploits 0 | References 4

CNNVD
added 2024/08/20 12:0 a.m., 6 views

Friendica security vulnerability

Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...

CVSS 5.4 | AI score 6.1 | EPSS 0.00323
Exploits 1 | References 4

OSV
added 2024/08/12 1:38 p.m., 2 views

UBUNTU-CVE-2024-22123

Setting SMS media allows setting a GSM modem file. Later this file is used as a Linux device. But because everything is a file in Linux, it is possible to set another file, e.g. a log file, and zabbixserver will try to communicate with it as a modem. As a result, the log file will be broken with AT commands and...

CVSS 2.7 | AI score 5.8 | EPSS 0.00575
Exploits 0 | References 3

CNNVD
added 2024/08/12 12:0 a.m., 5 views

WordPress plugin Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Sender - Newsletter,...

CVSS 7.1 | AI score 6 | EPSS 0.00284
Exploits 0 | References 2

OSV
added 2024/08/07 2:15 a.m., 4 views

CVE-2024-34617

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application...

CVSS 3.3 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 1