UBUNTU-CVE-2024-38797

EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability...

PT-2025-15273

Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...

Outback Power Mojave Inverter 信息泄露漏洞

The Outback Power Mojave Inverter is an AC inverter from Outback Power. An information disclosure vulnerability exists in the Outback Power Mojave Inverter that stems from the possibility that an attacker could modify the URL to discover sensitive information about the target network...

Regular Expression Denial of Service (ReDoS)

Overview parse-duration is a package that converts a human readable duration to ms. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker could cause an event loop delay or trigger an out of memory error that would crash a running Node.js...

PT-2025-5619 · Ndpi · Ndpi

Name of the Vulnerable Software and Affected Versions: nDPI versions 4.12 and earlier Description: The issue is a potential stack-based buffer overflow in the ndpi address cache restore function located in lib/ndpi cache.c. This could potentially lead to exploitation. Recommendations: For nDPI...

UBUNTU-CVE-2024-57791

In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sockrecvmsg when draining clc data When receiving clc msg, the field length in smcclcmsghdr indicates the length of msg should be received from network and the value should not be fully trusted as i...

Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...

VulnCheck KEV: CVE-2017-0929

DNN aka DotNetNuke before 9.2.0 suffers from a Server-Side Request Forgery SSRF vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...

QNAP Systems QTS 和QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS version 5.1.6.272...

TxtDot 安全漏洞

TxtDot is an HTTP proxy from TxtDot Open Source. A security vulnerability exists in TxtDot versions prior to 1.7.0. A remote attacker exploited the vulnerability to send an HTTP GET request to an arbitrary target using the server as a proxy and retrieve information in an internal network...

GHSA-QV6X-53JJ-VW59 NASA AIT-Core uses unencrypted channels to exchange data over the network

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack...

CVE-2024-35061

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution...

CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

Artificial intelligence AI is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the futur...

Panasonic KW Watcher 安全漏洞

Panasonic KW Watcher is an application software from Panasonic Corporation Japan. It allows you to monitor the log files downloaded from the network data logger from your PC. A security vulnerability exists in Panasonic KW Watcher versions 1.00 through 2.83, which originated from a vulnerability...

FURUNO ACERA 安全漏洞

FURUNO ACERA is a series of switches from FURUNO Japan. A security vulnerability exists in the FURUNO ACERA 9010 v02.04 and earlier firmware versions, ACERA 9010-24 v02.04 and earlier firmware versions, which originates from an unauthenticated attacker being able to log in to the product without ...

SUSE CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

Security Vulnerabilities fixed in Thunderbird 115.8 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

USN-6481-1 frr vulnerabilities

It was discovered that FRR incorrectly handled certain malformed NLRI data. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2023-46752 It was discovered that FRR incorrectly handled certain BGP UPDATE messages. A remote attacker could...

What is XDR ?

Unpacking XDR: Broadened Acknowledgment and Response In the perpetually advancing domain of digital protection, new lingo and philosophies constantly emerge. Among the more recent additions is XDR, an acronym for Extended Detection and Response. This passage will provide a detailed insight into...

cURL SOCKS5 Heap Overflow Vulnerability

cURL is a network data transfer project. Usually when we say cURL, we mean the cURL command line tool. cURL's underlying use is the libcurl library. A heap overflow vulnerability exists in cURL SOCKS5, which can be exploited by an attacker to construct a malicious hostname and cause code executio...