Lucene search
K

108 matches found

UbuntuCve
UbuntuCve
added 2024/04/03 5:15 p.m.25 views

CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before initfn for nonboot CPUs Disable IRQ before initfn for nonboot CPUs when hotplug, in order to silence such warnings and also avoid potential errors due to unexpected interrupts: WARNING: CPU: 1 PID: 0...

5.5CVSS5.8AI score0.00236EPSS
Exploits0References6
CVE
CVE
added 2024/01/08 9:4 a.m.81 views

CVE-2023-29051

CVE-2023-29051 affects Open-Xchange App Suite. User-defined OXMF templates could access a limited part of the internal Java API, with an ineffective default switch to disable template usage. This could allow unauthorized users to discover and modify application state, including objects tied to ot...

8.1CVSS7.9AI score0.00546EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.5 views

PT-2023-31140

Name of the Vulnerable Software and Affected Versions Hotel Management version 1.0 Description The issue concerns multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Specifically, the children parameter of the "reservation.php" resource is copied into the HTML document as plain...

5.4CVSS5.3AI score0.00374EPSS
Exploits0References7
Prion
Prion
added 2023/11/02 2:15 p.m.17 views

Design/Logic Flaw

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...

5.8CVSS8.8AI score0.00371EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/02 1:0 p.m.18 views

CVE-2023-26452

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL...

7.6CVSS9AI score0.00371EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/09/21 4:15 p.m.35 views

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

8.1CVSS7.2AI score0.00571EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-26107 · Geeklog · Geeklog

Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...

4.8CVSS5.5AI score0.00399EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/06/28 12:0 a.m.4 views

PT-2023-6250 · Yifan · Yifan Yf325

Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: The issue is related to two heap-based buffer overflow vulnerabilities in the httpd manage post functionality. A specially crafted network request can lead to a heap buffer overflow, allowing an...

10CVSS9.8AI score0.00773EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.5 views

PT-2025-25909 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc2-syzkaller-00316-g0457e5153e0e Description: A vulnerability in the Linux kernel has been resolved, related to the udmabuf device. If the DMA mask is not set explicitly, a warning occurs when userspace...

8.8CVSS6AI score0.12746EPSS
Exploits32References1123
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.6 views

PT-2022-17632 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A stack-based buffer overflow vulnerability exists in the confsrv ucloud set node location functionality. This issue can be triggered by a specially-crafted network packet, leading to a...

9.8CVSS8.8AI score0.01088EPSS
Exploits1References4
Malwarebytes
Malwarebytes
added 2022/08/04 1:19 p.m.29 views

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...

Exploits0
Malwarebytes
Malwarebytes
added 2022/08/04 1:0 p.m.14 views

Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--lets get started. Q: When...

Exploits0
Malwarebytes
Malwarebytes
added 2022/07/27 11:56 a.m.26 views

Simplifying the fight against ransomware: An expert explains

Fighting against ransomware can be difficult—especially if your organization has limited IT resources to begin with. But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware. In this post,...

0.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.8 views

PT-2022-3891 · Robustel · Robustel R1510

Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server's ajax endpoints functionalities. A specially-crafted network packet can lead to arbitrary command execution. The /ajax/set...

9.8CVSS9.7AI score0.04251EPSS
Exploits1References6
Securelist
Securelist
added 2022/06/06 8:0 a.m.1633 views

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers from the naosec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool MSDT that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the...

9.3CVSS7.9AI score0.99933EPSS
Exploits118
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.3 views

PT-2022-18880 · Sap · Sap Netweaver Abap Server +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750, 787 Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked t...

4.7CVSS4.5AI score0.00789EPSS
Exploits0References5
Securelist
Securelist
added 2022/04/04 3:30 p.m.589 views

Spring4Shell (CVE-2022-22965): details and mitigations

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring frameworks popularity. By analog...

9.3CVSS0.7AI score0.99999EPSS
Exploits479
Trellix
Trellix
added 2022/02/28 12:0 a.m.45 views

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League NFL Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

8.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/02/15 1:51 p.m.12 views

All Vulnerabilities for records.tceq.texas.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| records.tceq.texas.gov ---|--- Open Bug...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.10 views

PT-2022-12055 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetRec param...

8.6CVSS7.8AI score0.01145EPSS
Exploits1References4
Rows per page
Query Builder