16 matches found
EUVD-2019-2353
Malware in sbrugna...
EUVD-2020-30109
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-32366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and...
CVE-2025-6435
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...
CVE-2020-9282
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios...
CVE-2019-10549
Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937,...
CVE-2019-5093
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...
Amazon Linux 2 : gnome-shell (ALAS-2024-2714)
The version of gnome-shell installed on the remote host is prior to 3.28.3-34. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2714 advisory. In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network respons...
MGASA-2024-0314 Updated gnome-shell packages fix security vulnerability
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...
VMware Carbon Black Delivers High-Fidelity Insight at Every Step of MITRE Engenuity ATT&CK® Evaluation
For the third year in a row, VMware Carbon Black today announced its participation in MITRE Engenuity’s third annual ATT&CK® Evaluations with VMware Carbon Black Cloud. VMware Carbon Black Cloud delivered robust telemetry coverage with correlated, high-fidelity alerts at each and every step of th...
MTN Group: OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Summary: https://play.mtn.co.za/ authenticates subscribers via OTP before their subscriptions can be changed. However, the request which sends the OTP also returns the OTP in the network response, allowing an attacker to manage a user's subscriptions. Steps To Reproduce: 1. Visit...
CVE-2019-5093
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability...
LEAD Technologies LEADTOOLS Code Execution Vulnerability
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A code execution vulnerability in the DICOM network response function of the libltdic.so library in LEAD Technologies LEADTOOLS version 20.0.2019.3.15 can be exploited by an attacker to cause an integer...
Buffer overflow
Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the...
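CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability
BUGTRAQ ID: 28249 CVE(CAN) ID: CVE-2008-1157 CiscoWorks IPM is a fault-detection application that measures network response time and availability. A process in IPM version 2.6 on the Solaris and Windows platforms can cause a command shell to be automatically bound to a randomly selected TCP port; an unauthenticated remote user can connect to the open port and execute arbitrary commands with casuser privileges on Solaris systems or SYSTEM privileges on Windows systems. Cisco Internetwork Performance Monitor 2.6 Vendor patch: Cisco -----...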
CVE-2024-36472
In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...