Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models LLMs and Multi-Component Protocols MCP - bring immense potential, but also novel vulnerabilities that traditional...

CVE-2024-25724

The vulnerability CVE-2024-25724 affects RTI Connext® Professional versions 5.3.1 through 6.1.0, with a buffer overflow in XML parsing across Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service. The underlying issue allows an attacker to execute code with the privileg...

CVE-2021-25394

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised...

CVE-2020-36197

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. Th...

CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI formerly InTouch Machine Edition prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine...

Sql injection

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this...

CVE-2018-7065

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this...

Stack overflow

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI formerly InTouch Machine Edition versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read...

F5 Networks BIG-IP : big3d vulnerability (K82038789)

The big3d process does not irrevocably minimize group privileges at startup. CVE-2018-5540 Impact There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. C Tenable Network Security, Inc. The descriptiv...

CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...

CVE-2016-10296

An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...

UBUNTU-CVE-2017-0537

An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18...

DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges an...

Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors

SUMMARY Multiple security issues have been identified in HP Autonomy's Keyview Content Filter libraries. Symantec has updated the Keyview modules being shipped with Symantec products in response to these issues. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...

Cobalt RaQ 2.03.04.0 XTR - MultiFileUpload.php Authentication Bypass (1)

Cobalt RaQ 2.03.04.0 XTR - MultiFileUpload.php Authentication Bypass 1 source: https://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently...

NetBSD Security Advisory 2002-001 Close-on-exec, SUID and ptrace(2)

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-001 ================================= Topic: Close-on-exec, SUID and ptrace2 Version: NetBSD-current: prior to January 14, 2002 NetBSD-1.5.: affected up to and including 1.5.2 NetBSD-1.4.: affected up to and including 1.4.3 Severity...

AIX 4.1/4.2 - 'pdnsd' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/3237/info The Source Code Browser's Program Database Name Server Daemon pdnsd component of the C Set ++ compiler for AIX contains a remotely exploitable buffer overflow. This vulnerability allows local or remote attackers to compromise root privileges ...