Cisco Crosswork Network Services Orchestrator 安全漏洞

Cisco Crosswork Network Services Orchestrator is a network services orchestrator from Cisco USA. A security vulnerability exists in Cisco Crosswork Network Services Orchestrator that originates from the use of a user-controlled search path to locate executables, allowing an authenticated, local...

PT-2024-40140 · Ez Systems · Ez Platform

Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1 ezplatform versions prior to 1.13.5.1 ezplatform versions prior to 2.5.4.1 Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access ...

Panoramic Corporation Digital Imaging Software 安全漏洞

Panoramic Corporation Digital Imaging Software is an imaging software from Panoramic Corporation. A security vulnerability exists in Panoramic Corporation Digital Imaging Software version v.9.1.2.7600, which originates from a vulnerability that allows a local attacker to escalate privileges via t...

Kemp LoadMaster Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such,...

Kemp LoadMaster Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default 'bal' user. As such, if the...

Microsoft Process Explorer 安全漏洞

Microsoft Process Explorer is a process explorer from Microsoft Corporation USA. A security vulnerability exists in Microsoft Process Explorer versions prior to 17.04, which stems from a wcscats error handling issue, that allows an attacker to render its functionality unavailable by renaming an...

PT-2024-13055 · Microsoft · Process Explorer

Name of the Vulnerable Software and Affected Versions: Process Explorer versions prior to 17.04 Description: The issue allows attackers to make Process Explorer functionally unavailable, resulting in a denial of service for analysis. This can be achieved by renaming an executable file to a new...

CVE-2024-4549

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

CVE-2023-50233

Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in...

Webroot Antivirus 安全漏洞

Webroot Antivirus is an antivirus software from Webroot USA. A security vulnerability exists in Webroot Antivirus versions 8.0.1X through 9.0.35.12 that originates from a vulnerability that allows malware to abuse WRSA.EXE to delete arbitrary files...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

SUSE CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

[SECURITY] Fedora 40 Update: upx-4.2.3-1.fc40

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

shim: out of bounds read when parsing MZ binaries

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak aka Anunak. "FIN7 identified employees at the company who worked in the IT department and had higher levels of...