149 matches found
GHSA-FHG8-QXH5-7Q3W NATS Server may fail to authorize certain Jetstream admin APIs
Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...
NATS Server may fail to authorize certain Jetstream admin APIs
Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...
SUSE CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
ShredOS
ShredOS is a stripped-down operating system designed to destroy data. GitHub page here...
PT-2025-15666 · Unknown +1 · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS-Server versions 2.2.0 through 2.10.27 NATS-Server versions prior to 2.11.1 Description: The issue is related to the absence of access controls for the JetStream API in NATS-Server, allowing any user with JS management permissions in any...
CVE-2024-39927
Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...
CVE-2024-39927
Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...
CVE-2024-39927
Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...
CVE-2024-39927
The CVE-2024-39927 issue affects Ricoh MFPs and printers and is a remote out-of-bounds write vulnerability (CWE-787) that can lead to DoS and potential data destruction. Exploitation is described as remote via crafted requests; no evidence of arbitrary code execution is provided in the sources. R...
PT-2024-28739 · Ricoh · Ricoh Mfps +1
Name of the Vulnerable Software and Affected Versions: Ricoh MFPs and printers affected versions not specified Description: An out-of-bounds write issue exists in the affected products. If a remote attacker sends a specially crafted request, it may cause a denial-of-service DoS condition and/or...
JVN#14294633: Out-of-bounds write vulnerability in Ricoh MFPs and printers
MFPs and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability CWE-787. Impact If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service DoS condition and/or user's data may be destroyed...
silverstripe/graphql Cross-Site Request Forgery vulnerability
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user knowing...
FTC Bans InMarket for Selling Precise User Location Without Consent
The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data
The U.S. Federal Trade Commission FTC on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "sold precise location data that...
Information disclosure
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
PT-2023-22122 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...
Default credentials
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
FBI warns of multiple ransomware attacks on same victim
The Federal Bureau of Investigation FBI has released a notification that highlights two trends emerging across the ransomware environment. The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. New data destruction tactics...
CVE-2022-24350
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function ...
CVE-2022-34878
SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...