Lucene search
+L

111 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3636

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function mtkppecheckskb of the file drivers/net/ethernet/mediatek/mtkppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...

7.8CVSS9AI score0.00325EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2022/06/13 11:4 a.m.9 views

ek-pro.dk Cross Site Scripting vulnerability OBB-2649362

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/06 5:15 p.m.7 views

CVE-2022-1053

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...

9.1CVSS7.7AI score0.01343EPSS
Exploits0References12
OSV
OSV
added 2022/05/06 5:15 p.m.19 views

PYSEC-2022-184

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...

9.1CVSS2.8AI score0.01343EPSS
Exploits0References7
OSV
OSV
added 2022/05/06 4:45 p.m.22 views

CVE-2022-1053

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...

9.1CVSS9.1AI score0.01343EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/05 3:59 p.m.38 views

Tenant and Verifier might not use the same registrar data

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...

9.1CVSS3.2AI score0.01343EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/05 12:0 a.m.4 views

PT-2022-13620

Name of the Vulnerable Software and Affected Versions Keylime affected versions not specified Description The issue arises because Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating...

9.3CVSS7.1AI score0.01343EPSS
Exploits1References31
NCSC
NCSC
added 2022/02/08 12:0 a.m.16 views

Vulnerabilities fixed in Google Android

Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges The vulnerability with attribute...

10CVSS7.5AI score0.05927EPSS
Exploits0
CNNVD
CNNVD
added 2021/12/26 12:0 a.m.8 views

NETGEAR 缓冲区错误漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR that stems from the mishandling of the WPS Wi-Fi Protected Setup protocol by MediaTek microchips...

9.3CVSS7.9AI score0.01197EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2020/09/11 5:40 p.m.8 views

ek-werbemittel.de Cross Site Scripting vulnerability OBB-1326866

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/06 3:21 p.m.21549 views

Purple Fox EK Adds Microsoft Exploits to Arsenal

The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...

7.6CVSS8.4AI score0.86863EPSS
Exploits83References23
Check Point Advisories
Check Point Advisories
added 2020/06/28 12:0 a.m.46 views

Joomla Ek Rishta SQL Injection (CVE-2018-7315)

An SQL injection vulnerability exists in Joomla Ek Rishta component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.9AI score0.02703EPSS
Exploits5
Securelist
Securelist
added 2020/06/24 10:0 a.m.878 views

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Fla...

7.6CVSS8.7AI score0.87639EPSS
Exploits31
Cvelist
Cvelist
added 2020/04/14 12:0 a.m.29 views

CVE-2019-19300

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN 6ES7157-1AB00-0AB0, SIMATIC ET 200eco PN, ...

7.5CVSS7.4AI score0.015EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2020/04/07 6:27 p.m.54 views

Copycat criminals abuse Malwarebytes brand in malvertising campaign

While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/18 4:0 p.m.46 views

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven't been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult...

1.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/11/19 6:8 p.m.358 views

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we're seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide with the exception of a few...

10CVSS9.6AI score0.89532EPSS
Exploits40
Prion
Prion
added 2019/10/10 2:15 p.m.28 views

Race condition

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFIN...

5CVSS7.5AI score0.02065EPSS
Exploits0References1Affected Software44
Positive Technologies
Positive Technologies
added 2019/09/23 12:0 a.m.5 views

PT-2019-3377 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to the way the scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the...

7.6CVSS7.2AI score0.52729EPSS
Exploits0References14
Malwarebytes
Malwarebytes
added 2019/08/02 6:15 p.m.129 views

Say hello to Lord Exploit Kit

Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin's Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collecte...

10CVSS9.8AI score0.81971EPSS
Exploits13
Rows per page
Query Builder