21 matches found
Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure
With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that traditional...
CVE-2024-25724
The vulnerability CVE-2024-25724 affects RTI Connext® Professional versions 5.3.1 through 6.1.0, with a buffer overflow in XML parsing across Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service. The underlying issue allows an attacker to execute code with the privileg...
CVE-2021-25394
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised...
CVE-2020-36197
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. Th...
CVE-2019-6543
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...
SQL injection
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this...
CVE-2018-7065
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this...
Stack overflow
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read...
F5 Networks BIG-IP : big3d vulnerability (K82038789)
The big3d process does not irrevocably minimize group privileges at startup (CVE-2018-5540). Impact: There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. (C) Tenable Network Security, Inc. The descriptiv...
CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to back up and restore data. It runs binaries with root permissions when parsing t...
The vulnerability of the Qualcomm Wi-Fi driver for the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of Qualcomm Wi-Fi driver in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...
CVE-2016-10296
An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Qualcomm network driver in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code from a local malicious application within the kernel context. This issue is considered “high” because it...
UBUNTU-CVE-2017-0537
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the MediaTek driver for the Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code of a local malware application within the kernel context. This issue is considered “high” because i...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerabilities of MediaTek components, including the temperature control driver and the Android operating system’s video driver, are related to access control deficiencies. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary local malware code within the kernel...
DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges an...
Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors
SUMMARY Multiple security issues have been identified in HP Autonomy's Keyview Content Filter libraries. Symantec has updated the Keyview modules being shipped with Symantec products in response to these issues. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...
Cobalt RaQ 2.03.04.0 XTR - MultiFileUpload.php Authentication Bypass (1)
Cobalt RaQ 2.03.04.0 XTR - MultiFileUpload.php Authentication Bypass 1 source: https://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently...
NetBSD Security Advisory 2002-001 Close-on-exec, SUID and ptrace(2)
NetBSD Security Advisory 2002-001. Topic: Close-on-exec, SUID and ptrace(2). Version: NetBSD-current: prior to January 14, 2002; NetBSD-1.5.: affected up to and including 1.5.2; NetBSD-1.4.: affected up to and including 1.4.3. Severity...