30 matches found
EUVD-2026-38425
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...
EUVD-2021-25018
Malware in sbrugna...
EUVD-2022-34347
Malicious code in bioql PyPI...
📄 Glass Cage Zero-Click iMessage Exploit Details
Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller BMC software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085 , carries a CVSS v4 score of 10.0,...
CVE-2024-28754
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to cause a persistent denial of service bricking via a crafted request...
HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk
By Deeba Ahmed HP CEO Enrique Lores defended HP's practice of bricking printers when loaded with third-party ink. This is a post from HackRead.com Read the original post: HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk...
Unsafe use of balanceOf(address(this))
Lines of code Vulnerability details Impact AfEth.deposit can be bricked. Proof of Concept AfEth makes use of its own balance of afEth as a temporary store of afEth for withdrawal requests. On requestWithdraw afEth is transferred to the AfEth contract and these are then burned on withdraw. The...
Code injection
fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device...
CVE-2021-35954
fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug SWD feature...
ownerMintUsingTokenId can brick the whole contract
Lines of code Vulnerability details Impact With the function ownerMintUsingTokenId, it is possible for the owner to mint a token with an arbitrary token ID. However, this can brick the whole contract and cause a situation where no more mints / buys are possible. This happens when a token ID is...
CVE-2022-2044
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device...
CVE-2022-2044
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device...
NounsDAOLogic.sol would become bricked if NoansDAOExecutor.sol admin ever changes
Lines of code Vulnerability details Impact NounsDAOLogic.sol would become bricked and upgradability would be completely broken Proof of Concept In the current setup, NoansDAOExecutor.sol is both admin and timelock for NounsDAOLogic.sol. If the admin for NoansDAOExecutor.sol was ever changed,...
EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2022-2072)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently bric...
updateValset() Insufficient validation of new validator set may brick the contract
Lines of code Vulnerability details In Gravity.solupdateValset, while the signatures of the current validators are verified and = powerThreshold is checked, there is one important validation should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system...
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system...
PT-2021-8089 · Intel +2 · Tianocore Edk2 +2
Name of the Vulnerable Software and Affected Versions: Tianocore edk2 affected versions not specified Description: The issue concerns a BIOS bug and a library vulnerability. The BIOS bug affects the Platform authorization value, leaving it empty, which can lead to the permanent bricking of the TP...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...