111 matches found
SUSE CVE-2022-3636
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function mtkppecheckskb of the file drivers/net/ethernet/mediatek/mtkppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...
ek-pro.dk Cross Site Scripting vulnerability OBB-2649362
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...
PYSEC-2022-184
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...
CVE-2022-1053
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...
Tenant and Verifier might not use the same registrar data
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an...
PT-2022-13620
Name of the Vulnerable Software and Affected Versions Keylime affected versions not specified Description The issue arises because Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Access to sensitive data Increased user privileges The vulnerability with attribute...
NETGEAR 缓冲区错误漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR that stems from the mishandling of the WPS Wi-Fi Protected Setup protocol by MediaTek microchips...
ek-werbemittel.de Cross Site Scripting vulnerability OBB-1326866
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Purple Fox EK Adds Microsoft Exploits to Arsenal
The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...
Joomla Ek Rishta SQL Injection (CVE-2018-7315)
An SQL injection vulnerability exists in Joomla Ek Rishta component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Magnitude exploit kit – evolution
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Fla...
CVE-2019-19300
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN 6ES7157-1AB00-0AB0, SIMATIC ET 200eco PN, ...
Copycat criminals abuse Malwarebytes brand in malvertising campaign
While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on...
Spelevo exploit kit debuts new social engineering trick
2019 has been a busy year for exploit kits, despite the fact that they haven't been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult...
Exploit kits: fall 2019 review
Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we're seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide with the exception of a few...
Race condition
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFIN...
PT-2019-3377 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to the way the scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the...
Say hello to Lord Exploit Kit
Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin's Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collecte...