672 matches found
Breaking the Gaussian Barrier: Residual-PAC Privacy for Automatic Privatization
The Probably Approximately Correct PAC Privacy framework 1 provides a powerful instance-based methodology for certifying privacy in complex data-driven systems. However, existing PAC Privacy algorithms rely on a Gaussian mutual information upper bound. We show that this is in general too...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2020-8684
Improper access control in firmware for IntelR PAC with ArriaR 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access...
Exploit for Out-of-bounds Write in Apple Macos
CVE-2025-31200 & CVE-2025-31201 | iMessage Zero-Click RCE Chai...
Linux Distros Unpatched Vulnerability : CVE-2017-6410
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic...
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...
libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow
A vulnerability was found in libproxy, where a buffer overflow can occur if a server serving a PAC file sends more than 102400 bytes without a Content-Length header, this flaw allows an attacker to trigger an overflow of PACHTTPBLOCKSIZE 512 bytes, potentially leading to application crashes or...
CVE-2020-25719
...
Siemens SENTRON PAC Meter Authentication Error Vulnerability
The SENTRON PAC Meter is a power measurement device for precise energy management and transparent information acquisition. An authentication error vulnerability exists in the Siemens SENTRON PAC Meter, which can be exploited by an attacker to bypass authentication via brute force attack or by...
Advisory ROSA-SA-2024-2492
Software: krb5 1.15.1 OS: rosa-server79 packageevrstring: krb5-1.15.1-55.res7 CVE-ID: CVE-2022-42898 BDU-ID: 2022-06933 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the PAC Privileged Attribute Certificate parameters of the krb5parsepac function of the Heimdal and MIT Kerberos packets of the...
krb5 security update
1.15.1-55.0.3 - Length check when parsing GSS token encapsulation Orabug: 36927256 - Add a simple DER support header Orabug: 36927256 - Fix vulnerabilities in GSS message token handling Orabug: 36927256 1.15.1-55.0.1 - Add recursion limit for ASN.1 indefinite lengths Orabug: 32582360 1.15.1-55 -...
MS14-068 Microsoft Kerberos Checksum Validation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS14-068 Microsoft Kerberos Checksum Validation Vulnerability', 'Description' = %q This module exploits a vulnerability in the Microsoft Kerberos...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2273)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : kdelibs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: prints passwords contained in HTTP URLs in error messages CVE-2013-2074 - kf5-kio, kdelibs:...
The vulnerability of GE HealthCare EchoPAC medical software lies in the incorrect granting of permissions for critical resources, allowing an intruder to gain unauthorized access to protected information, enhance their privileges, or execute arbitrary codes.
The vulnerability of GE HealthCare EchoPAC medical software is related to the incorrect granting of permissions for critical resources. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information, increase their privileges, or execute arbitrary code...
DL1 bug fix and enhancement update
An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...
Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability
SENTRON PAC Meter products are power measurement devices for precise energy management and transparent information acquisition. An improper access control vulnerability exists in the Siemens SENTRON 7KM PAC3x20 Devices due to read protection not being properly set on the internal flash memory of...
CVE-2024-21483
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC 7KM3120-0BA01-1DA0 All versions = V3.2.3 = V3.2.3 = V3.2.3 = V3.2.3 V3.2.4 only when manufactured between LQN231003... and LQN231215... with LQNYYMMDD.... The read out protection of the internal flash of affected devices was not...
openSUSE: Security Advisory for connman (openSUSE-SU-2023:0369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for krb5 (SUSE-SU-2023:0198-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...