Lucene search

115 matches found

UbuntuCve
added 2024/08/02 12:0 a.m., 31 views

CVE-2024-42458

server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...

CVSS 9.8 | AI score 5.9 | EPSS 0.0083
Exploits 0 | References 4
Cvelist
added 2024/08/02 12:0 a.m., 28 views

CVE-2024-42458

server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...

EPSS 0.0083
Exploits 0 | References 6
CVE
added 2024/08/02 12:0 a.m., 70 views

CVE-2024-42458

Summary: CVE-2024-42458 affects Neat VNC (neatvnc) servers prior to 0.8.1. The issue, tracked in multiple sources, is that server.c does not properly validate the security type, a related problem to CVE-2006-2369. Impact (as stated): high confidentiality, integrity, and availability impact per CV...

CVSS 9.8 | AI score 6.4 | EPSS 0.0083
Exploits 0 | References 6 | Affected Software 1
AlpineLinux
added 2024/08/02 12:0 a.m., 36 views

CVE-2024-42458

server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...

CVSS 9.8 | AI score 6.9 | EPSS 0.0083
Exploits 0
OSV
added 2024/06/25 1:2 p.m., 15 views

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

CVSS 4.8 | AI score 6.9 | EPSS 0.00161
Exploits 0 | References 4
RedHat Linux
added 2024/04/30 1:32 p.m., 3 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

CVSS 7.5 | AI score 6.7 | EPSS 0.81729
Exploits 1 | References 7
RedHat Linux
added 2024/04/15 1:45 a.m., 3 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

CVSS 7.5 | AI score 6.7 | EPSS 0.81729
Exploits 1 | References 7
wpexploit
added 2024/03/25 12:0 a.m., 145 views

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. Make a logged-in admin open the following HTML (replace FORMID with a valid ID): The security field isn't validated and the shortcode is...

AI score 6.8 | EPSS 0.00335
Exploits 2
GithubExploit
added 2024/03/20 9:49 a.m., 373 views

Exploit for Improper Input Validation in Microsoft

CVE-2023-23397-PoW Proof of Work of CVE-2023-23397 for vulnera...

CVSS 9.8 | AI score 10 | EPSS 0.97408
Exploits 18
Microsoft CVE
added 2024/03/04 8:0 a.m., 6 views

ksmbd: validate mech token in session setup

...

CVSS 7.1 | AI score 7 | EPSS 0.78388
Exploits 0
The Hacker News
added 2024/01/12 1:5 p.m., 30 views

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...

AI score 7.2
Exploits 0
Cvelist
added 2024/01/10 10:3 p.m., 16 views

CVE-2023-40383

A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data...

AI score 5.4 | EPSS 0.00219
Exploits 0 | References 1
Citrix
added 2023/08/11 12:0 a.m., 7 views

Microsoft Security Update Validation Report August 2023

Microsoft’s August 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing...

AI score 7
Exploits 0
The Hacker News
added 2023/08/09 11:36 a.m., 29 views

Continuous Security Validation with Penetration Testing as a Service (PTaaS)

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their...

AI score 6.7
Exploits 0
Tenable Nessus
added 2023/07/25 12:0 a.m., 33 views

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access (CVE-2021-1228)

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

CVSS 7.4 | AI score 6.6 | EPSS 0.00373
Exploits 0 | References 2
Citrix
added 2023/07/12 12:0 a.m., 7 views

Microsoft Security Update Validation Report July 2023

Microsoft’s July 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

AI score 7
Exploits 0
Cvelist
added 2023/06/06 3:13 p.m., 19 views

CVE-2023-32289

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.9 | EPSS 0.00227
Exploits 0 | References 1
Code423n4
added 2023/05/15 12:0 a.m., 9 views

Rebalance amounts should be checked so that updated balances falls within thresholds

Lines of code / Vulnerability details: Rebalance amounts should be checked so that updated balances falls within thresholds. Rebalance operations are allowed when the current percentage of xETH in the Curve pool is outside the defined thresholds. However, there is no check to ensure that the amount o...

AI score 6.6
Exploits 0
Citrix
added 2023/05/11 12:0 a.m., 7 views

Microsoft Security Update Validation Report May 2023

Microsoft’s May 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

AI score 7
Exploits 0
WPVulnDB
added 2023/03/01 12:0 a.m., 14 views

menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: redirect duration="1"...

CVSS 5.4 | AI score 5.4 | EPSS 0.00462
Exploits 2 | Affected Software 1