Lucene search
K

61 matches found

Cvelist
Cvelist
added 2022/02/03 1:55 a.m.31 views

CVE-2021-33625

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses...

7.9AI score0.00314EPSS
Exploits0References4
Redos
Redos
added 2022/02/01 12:0 a.m.8 views

ROS-20220125-19

The XFS file system vulnerability is due to the OS kernel incorrectly imposing security restrictions security restrictions. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information on the system...

5.5CVSS7.2AI score0.00286EPSS
Exploits0
OSV
OSV
added 2022/01/19 1:15 a.m.5 views

CVE-2022-22161

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipte...

7.5CVSS7.1AI score0.00972EPSS
Exploits0References1
OSV
OSV
added 2022/01/19 1:15 a.m.5 views

CVE-2022-22168

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead t...

6.5CVSS6.6AI score0.00391EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/12 5:0 p.m.8 views

CVE-2022-22168

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead t...

6.5CVSS6.6AI score0.00391EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/12 5:0 p.m.9 views

CVE-2022-22161

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipte...

7.5CVSS7.1AI score0.00972EPSS
Exploits0References2Affected Software1
Microsoft Secure
Microsoft Secure
added 2021/03/30 3:0 p.m.42 views

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks targeting areas of computing that don’t have the protection of the cloud. New data shows that firmware attacks are on the rise, and businesses aren’t paying close enough attention to securing this...

Exploits0
NVD
NVD
added 2020/10/13 10:15 p.m.26 views

CVE-2020-12933

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS e.g. version 26.20.15029.27017. A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a...

5.5CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/13 9:11 p.m.36 views

CVE-2020-12933

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS e.g. version 26.20.15029.27017. A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a...

5.2AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2020/10/13 9:11 p.m.69 views

CVE-2020-12933

CVE-2020-12933 describes a denial-of-service in the D3DKMTEscape handler of the AMD ATIKMDAG.SYS driver (e.g., version 26.20.15029.27017). A crafted D3DKMTEscape request can trigger an out-of-bounds read in Windows kernel memory, with exploitation possible from a non-privileged/guest context. Pub...

5.5CVSS5.2AI score0.00338EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2020/01/28 10:58 p.m.100 views

New ‘CacheOut’ Attack Targets Intel CPUs

Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...

2.1CVSS1AI score0.00587EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2020/01/28 4:36 p.m.91 views

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

5.5CVSS0.9AI score0.00587EPSS
Exploits0
CNVD
CNVD
added 2018/10/19 12:0 a.m.2 views

Amazon Kindle Fire HD(3rd) Fire OS Denial of Service Vulnerability (CNVD-2019-27568)

The Amazon Kindle Fire HD 3rd is the third generation of the Fire tablet product from Amazon.com USA, for which Fire OS is the operating system used. A denial of service vulnerability exists in kernel/omap/drivers/rpmsg/rpmsgomx.c in the kernel component of the Amazon Kindle Fire HD3rd Fire OS. A...

4.9CVSS6.7AI score0.00628EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2018/01/07 11:21 p.m.67 views

Experts Weigh In On Spectre Patch Challenges

The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...

4.7CVSS7.2AI score0.93838EPSS
Exploits13References7
Prion
Prion
added 2016/04/13 3:59 p.m.23 views

Memory corruption

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

2.1CVSS6.3AI score0.00413EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/04/13 3:0 p.m.41 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

5.4AI score0.00381EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2015/04/05 9:0 p.m.43 views

CVE-2015-0777

drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 aka the Xen 3.4.x support patches for the Linux kernel 2.6.18, as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory...

2.1CVSS6.6AI score0.00413EPSS
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2014/10/20 12:0 a.m.29 views

Did the “Man With No Name” Feel Insecure?

Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...

7.5CVSS7.8AI score0.00987EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/03/06 12:0 a.m.89 views

KSplice : Installed Patches

Ksplice is being used to maintain the remote host's operating system kernel without requiring reboots. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65047; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/06/17";...

5.4AI score
Exploits0References1
Metasploit
Metasploit
added 2012/11/16 6:20 p.m.31 views

SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure

This module attempts to identify software, OS and DB versions through the SAP function THSAPREL using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspire...

0.3AI score
Exploits0
Rows per page
Query Builder