
5103 matches found

Cvelist
added 2022/07/18 10:45 p.m., 25 views

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory...

5.8 AI score, 0.00215 EPSS
Exploits: 1, References: 1
CVE
added 2022/07/18 10:45 p.m., 69 views

CVE-2022-34643

The CVE-2022-34643 entry concerns RISCV ISA Sim. Affected component: the riscv-isa-sim project, specifically commit ac466a21df442c59962589ba296c702631e041b5. Root cause: an incorrect exception prioritization when accessing memory. Impact: the uncertainty/incorrect handling of memory-access except...

5.5 CVSS, 5.5 AI score, 0.00215 EPSS
Exploits: 1, References: 1, Affected Software: 1
Rapid7 Blog
added 2022/07/08 7:0 a.m., 11 views

How to Build and Enable a Cyber Target Operating Model

Cybersecurity is complex and ever-changing. Organisations should be able to evaluate their capabilities and identify areas where improvement is needed. In the webinar “Foundational Components to Enable a Cyber Target Operating Model,” – part two of our Cybersecurity Series – Jason Hart, Chief...

0.1 AI score
Exploits: 0
Cvelist
added 2022/07/06 1:11 p.m., 24 views

CVE-2022-23173 Priority - Priority web Insecure direct object references (IDOR)

This vulnerability affects users who are not even allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site"; then he can see in this menu all the functionality of the application. If the attacker tries to click on one of the links, he will get a...

5.5 CVSS, 6.5 AI score, 0.0046 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/07/06 12:0 a.m., 4 views

Priority Software Priority security vulnerability

Priority Software Priority is an ERP solution from Priority Software, Israel. A security vulnerability exists in Priority Software Priority. An attacker could exploit the vulnerability to gain access to certain functionality that the web application is unable to perform until a parameter change i...

6.5 CVSS, 6.6 AI score, 0.0046 EPSS
Exploits: 0, References: 2
CNNVD
added 2022/07/06 12:0 a.m., 4 views

Priority Software Priority authorization issue vulnerability

Priority Software Priority is an ERP solution from Priority Software, Israel. A security vulnerability exists in Priority Software Priority. An attacker could exploit the vulnerability to verify which users are in the system and which are not...

5.5 CVSS, 5.2 AI score, 0.00369 EPSS
Exploits: 0, References: 2
OSV
added 2022/06/28 12:0 a.m., 15 views

GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

8.7 CVSS, 7.4 AI score, 0.02042 EPSS
Exploits: 0, References: 6
Github Security Blog
added 2022/06/28 12:0 a.m., 19 views

SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5 CVSS, 1.3 AI score, 0.02042 EPSS
Exploits: 0, References: 5, Affected Software: 2
hivepro
added 2022/06/16 6:15 a.m., 13 views

Security updates for Adobe Illustrator June 2022

Threat Level Vulnerability Report. Summary: Adobe has released security updates in Adobe Illustrator that address critical vulnerabilities at priority 3 as per Adobe. These vulnerabilities could lead to arbitrary code execution on target systems...

2.7 AI score
Exploits: 0
Malwarebytes
added 2022/06/07 9:47 p.m., 19 views

Ransomware Task Force priorities see progress in first year

This blog is part of our live coverage from RSA Conference 2022: US President Joseph R. Biden Jr., The White House, and law enforcement agencies across the world paid close attention last year when a group of more than 60 cybersecurity experts launched the Ransomware Task Force, heeding the group...

0.4 AI score
Exploits: 0
Amazon
added 2022/06/07 12:0 a.m., 77 views

Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

8.1 CVSS, 8.1 AI score, 0.07546 EPSS
Exploits: 1
OSV
added 2022/05/17 3:2 a.m., 7 views

GHSA-H3Q4-6J7F-R24C priority vulnerable to denial of service

An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

8.7 CVSS, 7.3 AI score, 0.01792 EPSS
Exploits: 0, References: 6
Kitploit
added 2022/04/26 9:30 p.m., 24 views

VulFi - Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries

The VulFi Vulnerability Finder tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions such as strcpy, sprintf, system, etc. For cases where a Hexrays...

6.6 AI score
Exploits: 0, References: 4
HackRead
added 2022/04/18 2:53 p.m., 13 views

9 Steps Necessary for Infrastructure Security

By Waqas. The ever-present threat of cyber security attacks has made IT infrastructure security a priority for most businesses. Cybercriminals…

1.8 AI score
Exploits: 0
Microsoft KB
added 2022/03/28 12:0 a.m., 11 views

March 28, 2022—KB5011563 (OS Build 22000.593) Preview

March 28, 2022—KB5011563 OS Build 22000.593 Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11 original release, see its update history page. Note: Follow @WindowsUpdate to...

6.9 AI score
Exploits: 0
GitLab Advisory Database
added 2022/02/11 12:0 a.m., 12 views

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

7.5 CVSS, 7.1 AI score, 0.01333 EPSS
Exploits: 0, References: 4, Affected Software: 1
ATTACKERKB
added 2022/02/09 11:15 p.m., 9 views

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing an HTTP/2 HEADERS fram...

7.5 CVSS, 7.2 AI score, 0.01333 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/02/09 10:5 p.m., 25 views

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing an HTTP/2 HEADERS fram...

7.6 AI score, 0.01333 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/02/09 12:0 a.m., 4 views

swift-nio-http2 security vulnerability

swift-nio-http2 is a SwiftPM project that can be built and tested very easily. A security vulnerability exists in swift-nio-http2 that stems from the fact that programs that use swift-nio-http2 are susceptible to a denial-of-service attack, which is caused by a network peer sending a specially...

7.5 CVSS, 7.2 AI score, 0.01333 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2022/02/09 12:0 a.m., 2 views

PT-2022-16784 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.1. Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack is caused by a logical erro...

7.5 CVSS, 7.3 AI score, 0.01333 EPSS
Exploits: 0, References: 8