Lucene search
K

250 matches found

Vulnrichment
Vulnrichment
added 2024/03/27 4:53 p.m.17 views

CVE-2024-20259

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...

8.6CVSS7.1AI score0.00816EPSS
Exploits0References1
Cisco
Cisco
added 2024/03/27 4:0 p.m.44 views

Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...

8.6CVSS8.5AI score0.00816EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.5 views

PT-2024-13337 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers may exploit this by sending a http:// link to a user or by...

4.3CVSS6.2AI score0.00281EPSS
Exploits0References9
OSV
OSV
added 2024/02/09 1:15 a.m.3 views

CVE-2023-42016

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the...

4.3CVSS5.6AI score0.00272EPSS
Exploits0References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/02/07 6:57 a.m.20 views

Ski & bike helmets protect your head, not location or voice

TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects 1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a...

7.3AI score
Exploits0
CERT
CERT
added 2024/01/16 12:0 a.m.168 views

Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Overview Multiple vulnerabilities were discovered in the TCP/IP stack NetworkPkg of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface UEFI. Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote...

8.8CVSS8.7AI score0.02084EPSS
Exploits1References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/01/02 6:49 a.m.23 views

Mobile malware analysis for the BBC

This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strong suggests though this cannot be confirmed...

7.1AI score
Exploits0
OSV
OSV
added 2023/12/13 9:15 a.m.8 views

CVE-2023-6660

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

6.5CVSS6AI score0.00622EPSS
Exploits0References2
Prion
Prion
added 2023/12/13 9:15 a.m.15 views

Design/Logic Flaw

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

4CVSS6.8AI score0.00622EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/13 8:23 a.m.41 views

CVE-2023-6660 NFS client data corruption and kernel memory disclosure

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

6.6AI score0.00622EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/12/11 8:6 a.m.15 views

A week in security (December 4 – December 10)

Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models US government is snooping on people via phone push notifications, says senator Android phones can be taken over remotely – update when you can How IT teams can conduct a vulnerability assessment for...

7.4AI score
Exploits0
Prion
Prion
added 2023/11/13 2:15 a.m.17 views

Authorization

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...

4.3CVSS6.1AI score0.00569EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2023/11/06 10:25 a.m.28 views

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—theyre spying on each other more. Whether reading someones DMs, rifling through a partners text messages, or even rummaging through the bags and belongings of someone else,...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.14 views

Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service (CVE-2018-0292)

A vulnerability in the Internet Group Management Protocol IGMP Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in...

8.8CVSS8.7AI score0.01507EPSS
Exploits0References3
OSV
OSV
added 2023/06/08 1:15 a.m.6 views

CVE-2023-33847

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...

3.1CVSS5.6AI score0.00628EPSS
Exploits0References4
Prion
Prion
added 2023/06/08 1:15 a.m.17 views

Authorization

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...

2.6CVSS3.5AI score0.00628EPSS
Exploits0References4Affected Software2
HackRead
HackRead
added 2023/06/01 3:24 p.m.22 views

Amazon fined $31 million over privacy breaches, including snooping on kids

By Habiba Rashid The case involves Amazon's settlement with the FTC over security and privacy violations committed by its subsidiaries, Ring and Alexa. This is a post from HackRead.com Read the original post: Amazon fined $31 million over privacy breaches, including snooping on kids...

7AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.46 views

K16845: MySQL vulnerability CVE-2015-3152

Security Advisory Description An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. CVE-2015-3152 Impact Although the...

5.9CVSS5.9AI score0.07083EPSS
Exploits1Affected Software14
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0634

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service process crash via a handle without a policy name, which causes a null dereference...

5CVSS6.7AI score0.05275EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2022/11/19 2:0 p.m.14 views

A Destabilizing Hack-and-Leak Operation Hits Moldova

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms...

1.7AI score
Exploits0
Rows per page
Query Builder