33 matches found
EUVD-2025-210044
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
PT-2025-99: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize untrusted data, manipulate objects and impair system functionality. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 19.07.2025. Recommendation...
Physical Layer-Based Device Fingerprinting for Wireless Security: from Theory to Practice
The identification of the devices from which a message is received is part of security mechanisms to ensure authentication in wireless communications. Conventional authentication approaches are cryptography-based, which, however, are usually computationally expensive and not adequate in the...
Alibaba Cloud Linux 3 : 0083: bind (ALINUX3-SA-2023:0083)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2795: By flooding the target...
Investigating a SharePoint Compromise: IR Tales from the Field
Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...
CVE-2024-37346 Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the...
CVE-2024-32912
There is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-PR99-C33P-FWF6 Drupal core Denial of Service
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt...
PT-2024-40413 · Packagist · Drupal Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: affected versions not specified Description: A visit to the install.php endpoint can cause cached data to become corrupted, potentially impairing a site until caches are rebuilt. Recommendation...
PT-2024-40492 · Packagist · Drupal/Drupal
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: A visit to the install.php endpoint can cause cached data to become corrupted, potentially impairing a site until caches are rebuilt. Recommendations: At the moment, there is no...
EulerOS Virtualization 2.9.0 : dhcp (EulerOS-SA-2023-2981)
According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2404)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-1619)
The remote host is missing an update for the Huawei EulerOS...
Important: bind
Issue Overview: A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a...
SUSE SLES12: bind / bind-chrootenv / bind-devel / bind-doc / bind-utils / etc (SUSE-SU-2022:3499-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3499-1 advisory. - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations...
CVE-2022-2795
A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...
CVE-2022-2795
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...
HUAWEI HarmonyOS Buffer Overflow Vulnerability (CNVD-2022-66178)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei. HUAWEI HarmonyOS 2.0 is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause availability impairment...