Lucene search
K

144 matches found

Veracode
Veracode
added 2023/11/22 8:23 a.m.14 views

Denial Of Service (DOS)

libzephyr.so is vulnerable to Denial Of Service DOS. The vulnerability is caused by the leadvertisingreport function in /subsys/bluetooth/controller/hci/hci.c because an advertising packet is not processed properly when copying data. The root cause of the issue are integer overflow while storing ...

8.8CVSS7.5AI score0.00392EPSS
Exploits0References9Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/10/26 4:0 p.m.15 views

An integrated incident response solution with Microsoft and PwC

Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/10/26 4:0 p.m.18 views

An integrated incident response solution with Microsoft and PwC

Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.12 views

Collateralization ratio manipulation can cause a denial of service

Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2023/06/13 1:17 p.m.659 views

Exploit for Command Injection in Vmware Aria_Operations_For_Networks

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations f...

9.8CVSS10AI score0.98281EPSS
Exploits7
Github Security Blog
Github Security Blog
added 2023/06/06 4:45 p.m.26 views

notation-go's verification bypass can cause users to verify the wrong artifact

Impact An attacker who controls or compromises a registry can lead a user to verify the wrong artifact. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Workarounds User should use secure and trusted container...

8.8CVSS6.7AI score0.00354EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/06/06 4:44 p.m.17 views

GHSA-RVRX-RRWH-R9P6 Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack

Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running notation verify. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade the...

6.5CVSS6.4AI score0.00485EPSS
Exploits0References4
Wordfence Blog
Wordfence Blog
added 2023/04/14 10:17 p.m.11 views

Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday

On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...

6.9AI score
Exploits0
Citrix
Citrix
added 2023/04/12 12:0 a.m.14 views

How to troubleshoot PVS target device domain trust issue

Since both Citrix and Microsoft and 3rd party software can initiate changing password, sometimes the TD may lose domain trust. Reset machine password from PVS console can solve the issue, but sometimes we need to find out the root cause if too many TDs lose domain trust. This article aims to give...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2023/04/05 2:5 a.m.572 views

Exploit for Untrusted Pointer Dereference in Microsoft

It is an exploit module targeting Apache HTTP Server. The target...

7.8CVSS8.6AI score0.65417EPSS
Exploits13
Virtuozzo
Virtuozzo
added 2022/12/19 12:0 a.m.22 views

Virtuozzo Hybrid Server 7.5 Update 4 (7.5.4-465)

Virtuozzo Hybrid Server 7.5 Update 4 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1160.80.1.vz7.191.4. Vulnerability id: PSBM-142718 Node IP was not set when changing 'vnclisten' in '/etc/libvirt/qemu.conf.' Vulnerability id:...

0.7AI score
Exploits0
OSV
OSV
added 2022/09/23 9:37 p.m.19 views

GHSA-GMHJ-XJFH-CF6M Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library

Not invoking a call to pamacctmgmt after a call to pamauthenticate to check the validity of a login can lead to an authorization bypass. Impact Exploitability The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...

7.7CVSS7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/23 9:37 p.m.23 views

Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library

Not invoking a call to pamacctmgmt after a call to pamauthenticate to check the validity of a login can lead to an authorization bypass. Impact Exploitability The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...

1.3AI score
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2022/08/18 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2225)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7AI score0.02986EPSS
Exploits9References2
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.11 views

[PNM-002] The expiry of the parent node can be smaller than the one of a child node, violating the guarantee policy

Lines of code Vulnerability details Description By design, the child node's expiry can only be extended up to the parent's current one. Adding these restrictions means that the ENS users only have to look at the name itself's fuses and expiry without traversing the hierarchy to understand what...

7AI score
Exploits0
Kitploit
Kitploit
added 2022/05/03 12:30 p.m.31 views

FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares

FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. See theFirmWire documentation to get started! Experiments & Missing Parts? Upon a vendor's request, the current...

7.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.7 views

The vulnerability of the Solution Manager Diagnostics (Root Cause Analysis) tool within the SAP Solution Manager software platform allows a perpetrator to enhance their privileges.

The vulnerability of the Solution Manager Diagnostics Root Cause Analysis tool within the SAP Solution Manager software platform is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...

9.1CVSS7.7AI score0.01326EPSS
Exploits0References6Affected Software1
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.14 views

[WP-H4] anchor_basset_reward pending yields can be stolen

Lines of code Vulnerability details For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and cause a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly. Then the attacker can amplify the attack using a...

6.7AI score
Exploits0
CVE
CVE
added 2022/02/09 10:5 p.m.95 views

CVE-2022-22544

SAP Solution Manager 720’s Diagnostics Root Cause Analysis Tool suffers from insufficient access control, enabling an administrator to execute code on all connected Diagnostics Agents and browse their files. This could allow an attacker with admin privileges to control managed systems, leading to...

9.1CVSS9.3AI score0.01326EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.26 views

CVE-2022-22544

Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...

9.5AI score0.01326EPSS
Exploits0References2
Rows per page
Query Builder