Lucene search
K

721 matches found

UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.12 views

CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.6AI score0.00234EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.6 views

CVE-2025-0622

A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If...

6.4CVSS6.6AI score0.00262EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.4 views

CVE-2025-0677

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...

6.4CVSS7.3AI score0.00318EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.7 views

CVE-2025-1118

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

4.4CVSS6.1AI score0.00286EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.7 views

CVE-2025-1125

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size...

7.8CVSS7.2AI score0.00371EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.11 views

CVE-2024-45780

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap...

6.7CVSS6.7AI score0.00262EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.13 views

CVE-2025-0684

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesyste...

6.4CVSS6.9AI score0.00251EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.6 views

CVE-2025-0690

The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to...

6.1CVSS7.1AI score0.00673EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/02/03 5:30 a.m.20 views

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer aka AMOS, and Angel Drainer. "Specializing in...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.5 views

Ruifang-tech Rebuild 安全漏洞

Ruifang-tech Rebuild is a zero-code, open-source and free enterprise management system from China Ruifang Ruifang-tech. A security vulnerability exists in Ruifang-tech Rebuild version 3.8.6. An attacker can exploit the vulnerability by incorrectly manipulating the nexturl parameter with the input...

5.3CVSS4.8AI score0.00329EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/19 11:23 a.m.4 views

Malicious code in evil-package-for-test2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d141529121b568f8705000de163ace0e815677592f10b3a603b92431e105aefe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/29 1:28 a.m.4 views

Malicious code in evil-package-for-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a239752739844b809432df8dcc829f77e1a30400c98e4d475d703d3fd7dceb34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2024/11/29 1:28 a.m.6 views

MAL-2024-11141 Malicious code in evil-package-for-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a239752739844b809432df8dcc829f77e1a30400c98e4d475d703d3fd7dceb34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2024/11/16 1:19 p.m.6 views

MAL-2024-10743 Malicious code in alex_evil-test-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 055ea9627aa88ed77488e1c0cdc293a76dfe9e3d24d6fbfc3c897233e426303d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/11/13 3:15 p.m.10 views

CVE-2024-49504

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks...

7CVSS7.2AI score0.00325EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/11 4:32 p.m.5 views

Malicious code in test-evil-pkg-reverse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61acc3b6b342e65ed4e73d06d4e1361360c9c90c1d6d4974045bceee140bd1dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/07 9:16 a.m.17 views

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp&...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/03 7:15 a.m.16 views

LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit aka Bitwise Spider ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspecte...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/10/01 4:59 p.m.10 views

Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence

UK law enforcement and international partners have released new details about the cybercriminal gang Evil Corp, including its use of the Lockbit ransomware platform and ties to Russian intelligence...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/24 6:57 a.m.6 views

Malicious code in evil-select-pkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db8225867ca74c2a2192382dc4abcc5119fb1ac07049412245e3a686524138f8 Package description attempts to pentest/exploit the PyPI web interface. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...

6.9AI score
Exploits0References1
Rows per page
Query Builder