Lucene search
+L

672 matches found

packetstormnews
packetstormnews
added 2025/06/06 12:0 a.m.6 views

Breaking the Gaussian Barrier: Residual-PAC Privacy for Automatic Privatization

The Probably Approximately Correct PAC Privacy framework 1 provides a powerful instance-based methodology for certifying privacy in complex data-driven systems. However, existing PAC Privacy algorithms rely on a Gaussian mutual information upper bound. We show that this is in general too...

6.8AI score
Exploits0
redhatcve
redhatcve
added 2025/05/22 9:35 p.m.10 views

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...

8.8CVSS7.9AI score0.01339EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 5:12 p.m.8 views

CVE-2020-8684

Improper access control in firmware for IntelR PAC with ArriaR 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7.2AI score0.00322EPSS
Exploits0References1
githubexploit
githubexploit
added 2025/05/17 11:3 p.m.194 views

Exploit for Out-of-bounds Write in Apple Macos

CVE-2025-31200 & CVE-2025-31201 | iMessage Zero-Click RCE Chai...

7.5CVSS8.4AI score0.21922EPSS
Exploits6
nessus
nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2017-6410

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic...

5.5CVSS6AI score0.00828EPSS
Exploits0References2
thn
thn
added 2024/11/25 11:24 a.m.7 views

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...

7.5AI score
Exploits0
redhat
redhat
added 2024/11/05 3:28 a.m.3 views

libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow

A vulnerability was found in libproxy, where a buffer overflow can occur if a server serving a PAC file sends more than 102400 bytes without a Content-Length header, this flaw allows an attacker to trigger an overflow of PACHTTPBLOCKSIZE 512 bytes, potentially leading to application crashes or...

9.8CVSS7.5AI score0.03569EPSS
Exploits0References4
mscve
mscve
added 2024/10/15 12:0 a.m.3 views

CVE-2020-25719

...

9CVSS7.2AI score0.01673EPSS
Exploits0
cnvd
cnvd
added 2024/10/10 12:0 a.m.4 views

Siemens SENTRON PAC Meter Authentication Error Vulnerability

The SENTRON PAC Meter is a power measurement device for precise energy management and transparent information acquisition. An authentication error vulnerability exists in the Siemens SENTRON PAC Meter, which can be exploited by an attacker to bypass authentication via brute force attack or by...

9.8CVSS6.8AI score0.00542EPSS
Exploits0References1
rosalinux
rosalinux
added 2024/10/03 9:16 p.m.25 views

Advisory ROSA-SA-2024-2492

Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.res7 CVE-ID: CVE-2022-42898 BDU-ID: 2022-06933 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PAC Privileged Attribute Certificate parameters of the krb5parsepac function of the Heimdal and MIT Kerberos packets of the...

8.8CVSS8.8AI score0.06419EPSS
Exploits1
oraclelinux
oraclelinux
added 2024/09/30 12:0 a.m.346 views

krb5 security update

1.15.1-55.0.3 - Length check when parsing GSS token encapsulation Orabug: 36927256 - Add a simple DER support header Orabug: 36927256 - Fix vulnerabilities in GSS message token handling Orabug: 36927256 1.15.1-55.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360 1.15.1-55 -...

9.1CVSS8.5AI score0.40345EPSS
Exploits19
packetstorm
packetstorm
added 2024/08/31 12:0 a.m.247 views

MS14-068 Microsoft Kerberos Checksum Validation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS14-068 Microsoft Kerberos Checksum Validation Vulnerability', 'Description' = %q This module exploits a vulnerability in the Microsoft Kerberos...

9CVSS7AI score0.87448EPSS
Exploits8
openvas
openvas
added 2024/08/22 12:0 a.m.13 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.8AI score0.06419EPSS
Exploits1References2
nessus
nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 6 : kdelibs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: prints passwords contained in HTTP URLs in error messages CVE-2013-2074 - kf5-kio, kdelibs:...

5.5CVSS6.3AI score0.0198EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2024/05/22 12:0 a.m.8 views

The vulnerability of GE HealthCare EchoPAC medical software lies in the incorrect granting of permissions for critical resources, allowing an intruder to gain unauthorized access to protected information, enhance their privileges, or execute arbitrary codes.

The vulnerability of GE HealthCare EchoPAC medical software is related to the incorrect granting of permissions for critical resources. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information, increase their privileges, or execute arbitrary code...

7.2CVSS5.8AI score0.00343EPSS
Exploits0References4
rocky
rocky
added 2024/04/05 2:56 p.m.18 views

DL1 bug fix and enhancement update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

7.2AI score
Exploits0
cnvd
cnvd
added 2024/03/13 12:0 a.m.20 views

Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability

SENTRON PAC Meter products are power measurement devices for precise energy management and transparent information acquisition. An improper access control vulnerability exists in the Siemens SENTRON 7KM PAC3x20 Devices due to read protection not being properly set on the internal flash memory of...

5.1CVSS6.5AI score0.00223EPSS
Exploits0References1
nvd
nvd
added 2024/03/12 11:15 a.m.13 views

CVE-2024-21483

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC 7KM3120-0BA01-1DA0 All versions = V3.2.3 = V3.2.3 = V3.2.3 = V3.2.3 V3.2.4 only when manufactured between LQN231003... and LQN231215... with LQNYYMMDD.... The read out protection of the internal flash of affected devices was not...

5.1CVSS4.4AI score0.00223EPSS
Exploits0References1
openvas
openvas
added 2024/03/04 12:0 a.m.19 views

openSUSE: Security Advisory for connman (openSUSE-SU-2023:0369-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.8AI score0.00964EPSS
Exploits1References2
openvas
openvas
added 2024/03/04 12:0 a.m.17 views

openSUSE: Security Advisory for krb5 (SUSE-SU-2023:0198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.06419EPSS
Exploits1References2
Rows per page
Query Builder