2528 matches found

Packet Storm
added 2018/07/18 12:0 a.m., 51 views

JavaScript Core Arbitrary Code Execution

// Load Int library, thanks saelo! load('util.js'); load('int64.js'); // Helpers to convert from float to in a few random places var conva = new ArrayBuffer(8); var convf = new Float64Array(conva); var convi = new Uint32Array(conva); var convi8 = new Uint8Array(conva); var floatarrmagic = new...

CVSS 5.1, AI score 0.3, EPSS 0.12472
Exploits 3

OSV
added 2018/07/13 8:29 p.m., 3 views

CVE-2016-6559

Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by...

CVSS 9.8, AI score 7.3, EPSS 0.03699
Exploits 1, References 4

Github Security Blog
added 2018/07/12 8:29 p.m., 20 views

Koji hub call does not perform correct access checks

Koji versions 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

CVSS 9.1, AI score 4.2, EPSS 0.01667
Exploits 0, References 6, Affected Software 1

OSV
added 2018/07/12 8:29 p.m., 15 views

GHSA-6MWW-XVH7-FQ4F Koji hub call does not perform correct access checks

Koji versions 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

CVSS 9.3, AI score 9.1, EPSS 0.01667
Exploits 0, References 7

RedHat Linux
added 2018/07/12 4:14 p.m., 6 views

openssl: Read/write after SSL object in error state

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

CVSS 5.9, AI score 6.9, EPSS 0.78675
Exploits 1, References 5

RedHat Linux
added 2018/07/12 4:14 p.m., 6 views

openssl: Read/write after SSL object in error state

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

CVSS 5.9, AI score 6.9, EPSS 0.78675
Exploits 1, References 5

NVD
added 2018/07/06 5:29 p.m., 24 views

CVE-2018-11259

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, from fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and...

CVSS 7.7, AI score 7.2, EPSS 0.00197
Exploits 0, References 1

Veracode
added 2018/07/04 8:14 a.m., 29 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to an out-of-bounds read/write vulnerability in the Chakra JIT which could lead to memory corruption and allow an attacker to execute code in the context of the current user. This CVE ID is different from CVE-2018-0758,...

CVSS 7.5, AI score 7.9, EPSS 0.80799
Exploits 26, References 6, Affected Software 2

android
added 2018/07/01 12:0 a.m., 43 views

CVE-2018-11259

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, from fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and...

CVSS 3.6, AI score 2.5, EPSS 0.00197
Exploits 0, References 2

RedHat Linux
added 2018/06/19 4:58 a.m., 4 views

kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism

The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via an application that opens the...

CVSS 7.8, AI score 7.2, EPSS 0.00308
Exploits 0, References 4

OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-7782

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird 52.3, Firefox...

CVSS 5.3, AI score 7.3, EPSS 0.01079
Exploits 0, References 6

Prion
added 2018/06/11 9:29 p.m., 24 views

Code injection

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird 52.3, Firefox...

CVSS 5, AI score 6.2, EPSS 0.01079
Exploits 0, References 6, Affected Software 3

CNVD
added 2018/06/07 12:0 a.m., 4 views

CloudBees Jenkins Black Duck Hub Plugin Incorrect Authorization Vulnerability

CloudBees Jenkins is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Black Duck Hub Plugin is used in one...

CVSS 8.1, AI score 7.9, EPSS 0.00837
Exploits 0, References 1

CNVD
added 2018/06/06 12:0 a.m., 3 views

Jenkins path traversal vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins a long-ter...

CVSS 8.1, AI score 7.8, EPSS 0.02612
Exploits 0, References 1

CVE
added 2018/06/05 9:0 p.m., 112 views

CVE-2018-1000194

CVE-2018-1000194 describes a path traversal vulnerability in Jenkins pre-2.121/2.107.3 LTS due to flaws in FilePath.java and SoloFilePathFilter.java. The issue allows unauthenticated agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem p...

CVSS 8.1, AI score 7.9, EPSS 0.02612
Exploits 0, References 2, Affected Software 1

The Hacker News
added 2018/06/05 9:47 a.m., 2 views

IoT Botnets Found Using Default Credentials for C&C Server Databases

Not following cybersecurity best practices could not only cost online users but also cost cybercriminals. Yes, sometimes hackers don't take best security measures to keep their infrastructure safe. A variant of IoT botnet, called Owari, that relies on default or weak credentials to hack insecure...

AI score 7.1
Exploits 0

Positive Technologies
added 2018/05/10 12:0 a.m., 7 views

PT-2018-18413

Name of the Vulnerable Software and Affected Versions: HWiNFO AMD64 Kernel driver version 8.98 and lower
Description: The issue allows an unprivileged user to send an IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write...

CVSS 7.1, AI score 7, EPSS 0.00437
Exploits 1, References 4

CNVD
added 2018/05/08 12:0 a.m., 2 views

Fortinet FortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)

FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in versions 7.0.11 and earlier of Fortinet FortiWLC. An attacker can exploit this vulnerability via a remote shell to gain unauthorized read/write access...

CVSS 10, AI score 7.1, EPSS 0.02105
Exploits 0, References 1

Positive Technologies
added 2018/05/07 12:0 a.m., 8 views

PT-2018-25: Improper Authorization in PRTG Network Monitor

The specialists of the Positive Research center have detected an Improper Authorization vulnerability in PRTG Network Monitor. The vulnerability, caused by improper validation of user rights, allows attackers with read-only privileges to create users with read-write privileges including administrators via...

CVSS 8.8, AI score 8.8, EPSS 0.0087
Exploits 0, References 4

CNVD
added 2018/04/25 12:0 a.m., 5 views

Google Android has an unspecified vulnerability (CNVD-2018-10037)

Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9625 and other central processing unit (CPU) products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...

CVSS 10, AI score 7, EPSS 0.01169
Exploits 0, References 1