Lucene search
+L

274 matches found

ATTACKERKB
ATTACKERKB
added 2022/02/11 6:15 p.m.2 views

CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

5.5CVSS6.2AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2022/02/11 6:15 p.m.4 views

CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2022/01/13 3:45 a.m.27 views

GO-2021-0263 Panic on invalid symbol tables in debug/macho

Calling File.ImportedSymbols on a loaded file which contains an invalid dynamic symbol table command can cause a panic, in particular if the encoded number of undefined symbols is larger than the number of symbols in the symbol table...

7.5CVSS7.7AI score0.04372EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2021/12/21 9:6 a.m.21 views

opencryptoki bug fix and enhancement update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

0.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.9 views

The software for Cisco Webex Meetings Server, Cisco Webex Meetings Desktop App, and Cisco Webex Teams – a collaboration tool for Windows operating systems – has vulnerabilities related to errors in the path validation mechanism for dynamically loaded libraries. This allows attackers to execute arbitrary code.

The vulnerability of Cisco Webex Meetings Server, Cisco Webex Meetings Desktop App, and Cisco Webex Teams for Windows operating systems relates to errors in the mechanism for checking paths to dynamically loaded libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.3CVSS7.5AI score0.00326EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2021/10/06 6:15 p.m.20 views

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library...

7.2CVSS0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/06 5:7 p.m.24 views

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library...

5.3CVSS7.2AI score0.00108EPSS
Exploits0References1
Securelist
Securelist
added 2021/09/30 10:0 a.m.48 views

GhostEmperor: From ProxyLogon to kernel mode

Download GhostEmperors technical details PDF While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...

1.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/09/28 9:15 p.m.3 views

CVE-2021-41106

JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as...

4.4CVSS5.8AI score0.00199EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/09/24 12:0 a.m.7 views

Dr.Web Firewall 代码问题漏洞

Dr.Web Firewall is a network firewall from the Russian company Dr.Web. A code issue vulnerability exists in Dr.Web Firewall that originates from Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A custom loaded DLL in a legitimate binary e.g. frwlsvc.exe...

7.8CVSS7.5AI score0.00371EPSS
Exploits1References3
Kitploit
Kitploit
added 2021/07/07 9:30 p.m.32 views

FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles

A Cobalt Strike Beacon Object File BOF project which uses direct system calls to enumerate processes for specific modules or process handles. What is this repository for? Use direct systems calls within Beacon Object files to enumerate processes for specific loaded modules e.g. winhttp.dll,...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/06/18 12:0 a.m.118 views

McAfee Agent 5.x prior to 5.7.3 Multiple Vulnerabilities (SB10362)

The version of McAfee Agent, formerly McAfee ePolicy Orchestrator ePO Agent, installed on the remote host is 5.x prior to 5.7.3. It is, therefore, affected by the following vulnerabilities: - An improper privilege management vulnerability exists due to a local user having the ability to edit the...

7.3CVSS5.9AI score0.00348EPSS
Exploits0References3
Veracode
Veracode
added 2021/03/23 2:7 a.m.21 views

Remote Code Execution

xstream is vulnerable to remote code execution. The vulnerability exists due to an uncontrolled process references on enum types at deserialization, allowing an attacker to manipulate the processed input stream and replace or inject objects, that result in execution of arbitrary code loaded from ...

9.1CVSS4.7AI score0.82136EPSS
Exploits1References24Affected Software5
Kitploit
Kitploit
added 2021/01/27 8:30 p.m.41 views

SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools

New and improved C Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...

7.1AI score
Exploits0References4
Metasploit
Metasploit
added 2021/01/16 5:41 p.m.153 views

Microsoft Spooler Local Privilege Elevation Vulnerability

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

7.8CVSS7.9AI score0.14179EPSS
Exploits10
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.9 views

Oppo Backup and Oppo Restore Security Vulnerabilities

OPPO Guangdong Mobile Communications Oppo Backup is a backup service for devices from OPPO Guangdong Mobile Communications, China.OPPO Guangdong Mobile Communications Oppo Restore is a recovery service for devices from OPPO Guangdong Mobile Communications, China. A security vulnerability exists i...

9.8CVSS7.3AI score0.01135EPSS
Exploits0References2
NVD
NVD
added 2020/11/12 10:15 a.m.28 views

CVE-2020-11201

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P,...

7.8CVSS7.7AI score0.01804EPSS
Exploits1References3
Prion
Prion
added 2020/11/12 10:15 a.m.26 views

Input validation

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P,...

7.2CVSS7.7AI score0.01804EPSS
Exploits1References3
CVE
CVE
added 2020/11/12 10:0 a.m.59 views

CVE-2020-11201

CVE-2020-11201 targets Qualcomm Snapdragon systems with DSP/Hexagon components. The issue arises from an improper check in a loaded library used for data flowing from the CPU to the DSP, affecting Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, and Mobile families (e.g., QCM6125, QCS410/6...

7.8CVSS7.6AI score0.01804EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/10/28 11:15 a.m.3 views

CVE-2020-5144

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability...

7.8CVSS7.1AI score
Exploits0References1
Rows per page
Query Builder