Lucene search
K

7653 matches found

ThreatPost
ThreatPost
added 2022/01/24 9:13 p.m.49 views

Surge in Malicious QR Codes Sparks FBI Alert

Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...

7.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/24 6:29 p.m.34 views

CVE-2021-30953

A flaw was found in webkitgtk. The vulnerability occurs due to improper bounds checking, which can lead to an out-of-bounds read vulnerability. An attacker with network access could pass specially crafted web content files causing an application to halt, crash, or may lead to arbitrary code...

8.8CVSS4.5AI score0.01939EPSS
Exploits0References4
Veracode
Veracode
added 2022/01/24 4:24 a.m.19 views

Denial Of Service (DoS)

libgpac.so is vulnerable to denial of service. The vulnerability exists due to an improper type checking in the function gfsgvrmlfieldpointerdel at scenegraph/vrmltools.c, causing NULL pointer dereference...

5.5CVSS3.4AI score0.007EPSS
Exploits1References2Affected Software2
CNVD
CNVD
added 2022/01/21 12:0 a.m.21 views

Jenkins Permissions and Access Control Issues Vulnerability

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins SSH Agent Plugin 1.23 previously had a security vulnerability that stemmed from a lack of privilege checking, whi...

4.3CVSS2.3AI score0.00748EPSS
Exploits0References1
Huntr
Huntr
added 2022/01/17 10:9 a.m.20 views

Improper Access Control in janeczku/calibre-web

Description With default settings, low-level users will not have permission to create new shelf with public mode. However, due to incorrect checking, the function does not work as intended. Steps To Reproduce - Step 1: Login with admin account and go to http://hostname:8083/admin/user/new. Create...

4CVSS5.2AI score0.0067EPSS
Exploits1
Code423n4
Code423n4
added 2022/01/17 12:0 a.m.11 views

L2Migrator allows a user to migrate once through claimStake() and once through finalizeMigrateDelegator()

Handle Ruhum Vulnerability details Impact There are two ways to migrate from L1 to L2. Either through the cross-chain or the snapshot migration, as specified here But, a user is able to migrate twice by using both options. Proof of Concept The issue is that the migratedDelegator map is not used...

6.7AI score
Exploits0
Prion
Prion
added 2022/01/14 8:15 p.m.14 views

Code injection

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...

5.5CVSS7.8AI score0.00849EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/01/13 10:15 p.m.1 views

CVE-2021-34858

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS file...

7.8CVSS7.5AI score0.03756EPSS
Exploits0References2
OSV
OSV
added 2022/01/12 10:29 p.m.23 views

GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

8.8CVSS8.7AI score0.03897EPSS
Exploits1References9
Fedora
Fedora
added 2022/01/12 1:16 a.m.17 views

[SECURITY] Fedora 34 Update: roundcubemail-1.4.13-1.fc34

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/12 12:0 a.m.10 views

Fedora: Security Advisory for roundcubemail (FEDORA-2022-d7347d9432)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Ubuntu
Ubuntu
added 2022/01/05 5:3 p.m.128 views

USN-5207-1: Linux kernel (OEM) vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...

9.8CVSS7.3AI score0.57853EPSS
Exploits3
CNVD
CNVD
added 2022/01/03 12:0 a.m.23 views

Netgear Nighthawk R6700 Command Injection Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. A command injection vulnerability exists in the Netgear Nighthawk R6700, which stems from the fact that the product supports update checking via the soap interface and can be injected with a pre-set value. No details of the...

8.8CVSS2AI score0.03199EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/12/31 12:0 a.m.31 views

CVE-2021-30953

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.2AI score0.01939EPSS
Exploits0References3
CNVD
CNVD
added 2021/12/29 12:0 a.m.25 views

VideoOffice Arbitrary File Download and Execution Vulnerability

VideoOffice is Internet video conferencing. VideoOffice suffers from an arbitrary file download and execution vulnerability that stems from a lack of support for integrity checking. No detailed vulnerability details are available at this time...

9.8CVSS9.7AI score0.00689EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 6:59 p.m.32 views

Security Bulletin: i2 Analysts' Notebook memory corruption vulnerability

Summary i2 Analysts' Notebook is potentially vulnerable to a memory corruption vulnerability Vulnerability Details CVEID: CVE-2021-39050 DESCRIPTION: IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local...

7.8CVSS7.6AI score0.00299EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 6:45 p.m.41 views

Security Bulletin: i2 Analysts' Notebook memory corruption vulnerability

Summary i2 Analysts' Notebook is vulnerable to potential memory corruption vulnerabilities Vulnerability Details CVEID: CVE-2021-39049 DESCRIPTION: IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacke...

7.8CVSS7.6AI score0.00299EPSS
Exploits0Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.4 views

The vulnerability of the Preferences component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Preferences component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS is related to deficiencies in path name checking for restricted access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

5.5CVSS5.9AI score0.0101EPSS
Exploits0References7Affected Software5
CNVD
CNVD
added 2021/12/16 12:0 a.m.19 views

IBM i Buffer Overflow Vulnerability

IBM i is a set of operating systems from IBM USA running in IBM Power Systems and IBM PureSystems. IBM i has a buffer error vulnerability that stems from incorrect software boundary checking, making the software vulnerable to stack-based buffer overflow attacks, which could be exploited by a loca...

7.8CVSS5.1AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2021/12/13 7:15 p.m.12 views

CVE-2021-39050

IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440...

7.8CVSS0.00299EPSS
Exploits0References2
Rows per page
Query Builder