Lucene search
K

164 matches found

Cvelist
Cvelist
added 2023/03/02 8:54 p.m.59 views

CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

4.1CVSS8.9AI score0.00839EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/02/21 7:45 p.m.24 views

K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.3AI score0.10471EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:7 p.m.37 views

K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.9AI score0.18001EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.20 views

K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS9.3AI score0.19739EPSS
Exploits1
Cisco
Cisco
added 2023/02/15 4:0 p.m.124 views

ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

9.8CVSS9.7AI score0.29314EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2022/04/14 3:57 p.m.69 views

Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...

6.1CVSS6AI score0.01349EPSS
Exploits1References6
Malwarebytes
Malwarebytes
added 2022/04/11 2:14 p.m.25 views

Credential-stealing malware disguises itself as Telegram, targets social media users

A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/12/02 11:36 a.m.28 views

Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/09 5:24 p.m.58 views

Mysterious Custom Malware Collects Billions of Stolen Data Points

Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million...

6.8AI score
Exploits0References7
CNVD
CNVD
added 2021/06/03 12:0 a.m.6 views

OpenText Brava! Desktop out-of-bounds write vulnerability (CNVD-2021-42328)

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS7AI score0.01419EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.6 views

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DXF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS5.9AI score0.01419EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.4 views

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DXF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS5.9AI score0.01419EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.4 views

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS5.9AI score0.01419EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2021/03/02 3:2 p.m.123 views

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware families are operated by distinct different threat actors on...

0.6AI score
Exploits0
CNNVD
CNNVD
added 2021/01/21 12:0 a.m.7 views

Delta Electronics TPEditor Buffer Error Vulnerability

Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics TPEditor v1.98 and prior that could allow an attacker to execute code with the privileges of the application...

7.8CVSS7.3AI score0.01278EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2020/11/09 3:26 p.m.223 views

Exploit for CVE-2020-14883

CVE-2020-14883 Oracle WebLogic Server Authenticated Remote Cod...

10CVSS9AI score0.99997EPSS
Exploits43
CNVD
CNVD
added 2020/05/29 12:0 a.m.6 views

Unspecified Vulnerability in Teradici PCoIP Standard Agent and Teradici PCoIP Graphics Agent

Teradici PCoIP Standard Agent and Teradici PCoIP Graphics Agent are both products of Teradici Canada.Teradici PCoIP Standard Agent is an agent program for connecting virtual desktops.Teradici PCoIP Graphics Agent is an agent program that provides GPU-enabled physical and virtual workstations to...

7.8CVSS6.3AI score0.00232EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/04/13 12:0 a.m.20 views

MS15-046: Description of the security update for Office 2010 Service Pack 2: May 12, 2015

MS15-046: Description of the security update for Office 2010 Service Pack 2: May 12, 2015 Introduction This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Office file in an...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/04/01 12:0 a.m.3 views

Memory Corruption Vulnerability in Microsoft Office

Microsoft Office is a Windows-based office software suite developed by Microsoft Microsoft. A memory corruption vulnerability exists in Microsoft Office, which can be exploited by an attacker to cause a denial of service...

6.8AI score
Exploits0
Virtuozzo
Virtuozzo
added 2020/03/31 12:0 a.m.107 views

Product update: Virtuozzo 7.0 Update 13 (7.0.13-298)

The Update 13 for Virtuozzo 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1062.12.1.vz7.131.10. Vulnerability id: PSBM-95072 'pstorage-target' files are left over after successful migrations of VMs on Virtuozzo Storage from...

7.1AI score
Exploits0
Rows per page
Query Builder