11 matches found
K000161455: glibc vulnerability CVE-2026-0861
Security Advisory Description Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have...
CVE-2025-24834
Intel CIP software prior to WIN_DCA_2.4.0.11001 contains a protection mechanism failure in Ring 3: User Applications, which may allow information disclosure. An unprivileged, unauthenticated user with low-complexity attack could exposure data via adjacent access. Affected products: Intel CIP soft...
EUVD-2024-48729
Malicious code in bioql PyPI...
CVE-2024-1223
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2025-30737
Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion component: Core Smart View. The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Smart View for Office...
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures CVEs disclosed worldwide, covering a range of applications, software and hardware that...
What's New in CVSS v4
The pending update to the Common Common Vulnerability Scoring System CVSS, version 4.0, has garnered a noticeable volume of articles, blog posts and watercooler now known as Slack and Zoom air time. Reaction from the community has been positive, with general sentiment pinned somewhere near...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
CVE-2020-1544
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...
CVE-2020-1547
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...
Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Summary: \395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files From my understanding: 1...