Lucene search
K

149 matches found

OSV
OSV
added 2025/04/15 9:45 p.m.6 views

GHSA-FHG8-QXH5-7Q3W NATS Server may fail to authorize certain Jetstream admin APIs

Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...

9.6CVSS7.4AI score0.00561EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/04/15 9:45 p.m.23 views

NATS Server may fail to authorize certain Jetstream admin APIs

Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...

9.6CVSS7AI score0.00561EPSS
Exploits0References7Affected Software1
SUSE CVE
SUSE CVE
added 2025/04/10 2:8 a.m.4 views

SUSE CVE-2025-30215

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

9.6CVSS6.7AI score0.00561EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2025/01/03 2:46 p.m.10 views

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-15666 · Unknown +1 · Nats Server +1

Name of the Vulnerable Software and Affected Versions: NATS-Server versions 2.2.0 through 2.10.27 NATS-Server versions prior to 2.11.1 Description: The issue is related to the absence of access controls for the JetStream API in NATS-Server, allowing any user with JS management permissions in any...

9.6CVSS7.9AI score0.00561EPSS
Exploits0References28
NVD
NVD
added 2024/07/10 7:15 a.m.23 views

CVE-2024-39927

Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

8.2CVSS0.00576EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/10 6:55 a.m.12 views

CVE-2024-39927

Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

6.9AI score0.00576EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/10 6:55 a.m.29 views

CVE-2024-39927

Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

0.00576EPSS
Exploits0References4
CVE
CVE
added 2024/07/10 6:55 a.m.56 views

CVE-2024-39927

The CVE-2024-39927 issue affects Ricoh MFPs and printers and is a remote out-of-bounds write vulnerability (CWE-787) that can lead to DoS and potential data destruction. Exploitation is described as remote via crafted requests; no evidence of arbitrary code execution is provided in the sources. R...

8.2CVSS7.1AI score0.00576EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.7 views

PT-2024-28739 · Ricoh · Ricoh Mfps +1

Name of the Vulnerable Software and Affected Versions: Ricoh MFPs and printers affected versions not specified Description: An out-of-bounds write issue exists in the affected products. If a remote attacker sends a specially crafted request, it may cause a denial-of-service DoS condition and/or...

8.2CVSS6.8AI score0.00576EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/10 12:0 a.m.17 views

JVN#14294633: Out-of-bounds write vulnerability in Ricoh MFPs and printers

MFPs and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability CWE-787. Impact If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...

8.2CVSS8AI score0.00576EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/28 1:13 p.m.27 views

silverstripe/graphql Cross-Site Request Forgery vulnerability

The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...

6.9AI score
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2024/01/22 7:2 a.m.37 views

FTC Bans InMarket for Selling Precise User Location Without Consent

The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/10 8:47 a.m.24 views

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

The U.S. Federal Trade Commission FTC on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "sold precise location data that...

6.3AI score
Exploits0
Prion
Prion
added 2023/11/28 9:15 p.m.29 views

Information disclosure

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

4.6CVSS6.8AI score0.00274EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.4 views

PT-2023-22122 · Unknown · Facschorus

Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...

4.3CVSS4.4AI score0.00274EPSS
Exploits0References4
Prion
Prion
added 2023/11/10 7:15 a.m.21 views

Default credentials

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...

7.5CVSS8.8AI score0.01414EPSS
Exploits1References2Affected Software2
Malwarebytes
Malwarebytes
added 2023/10/02 2:0 a.m.12 views

FBI warns of multiple ransomware attacks on same victim

The Federal Bureau of Investigation FBI has released a notification that highlights two trends emerging across the ransomware environment. The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. New data destruction tactics...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2023/04/12 12:0 a.m.42 views

CVE-2022-24350

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...

5.9AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2022/07/05 4:15 p.m.6 views

CVE-2022-34878

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

8.8CVSS5.9AI score0.03431EPSS
Exploits1References2
Rows per page
Query Builder