52 matches found
Overlapping Data in Network Protocols: Bridging OS and NIDS Reassembly Gap
IPv4, IPv6, and TCP have a common mechanism allowing one to split an original data packet into several chunks. Such chunked packets may have overlapping data portions and, OS network stack implementations may reassemble these overlaps differently. A Network Intrusion Detection System NIDS that...
PT-2025-20479
Name of the Vulnerable Software and Affected Versions ASUS DriverHub versions prior to 1.0.6.0 Description An insufficient validation issue exists in ASUS DriverHub. This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. The issue may allow...
PT-2025-15192 Ā· Qualcomm Ā· Snapdragon
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when invoking an IOCTL map buffer request from userspace. This can potentially lead to unintended system behavior. Recommendations: At the...
PT-2025-29159 Ā· Honeywell Ā· Experion Pks HcaĀ +9
Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS versions prior to 520.2 TCU9 HF1 and versions prior to 530 TCU3 Honeywell OneWireless WDM versions 322.1 through 322.4 Honeywell OneWireless WDM versions 330.1 through 330.3 Honeywell Experion PKS C300, FIM4, FIM8, UOC,...
CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions = 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...
CVE-2024-5823
A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-30110
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways...
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...
CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...
CVE-2023-21641
An app with non-privileged access can change global system brightness and cause undesired system behavior...
CVE-2023-21641
CVE-2023-21641 concerns Qualcomm display-related code. A local attacker with non-privileged access can change the deviceās global brightness, leading to undesired system behavior. The vulnerability is categorized as Moderate in Qualcomm/Pixel entries, and public documentation indicates exposure i...
PT-2023-18305 Ā· Qualcomm Ā· SnapdragonĀ +15
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: An app with non-privileged access can change global system brightness and cause undesired system behavior. Recommendations: At the moment, there is no information about a newer...
CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor
The US Cybersecurity and Infrastructure Security Agency CISA has an urgent message for US businesses: watch out for Volt Typhoon, a threat actor sponsored by the Peoples Republic of China PRC. The agency's joint Cybersecurity Advisory CSA published last week highlights a cluster of tactics,...
TWAP array can be artificially filled up with the most recent quote
Lines of code Vulnerability details A malicious user can run updateTWAV on each block, quickly replacing all four values of the twavObservations array with the most recent valuation. I.e. the time weighted averaging essence of the recorded price can be directly reduced to always be just most rece...
SUSE-SU-2018:1549-1 Security update for the Linux Kernel (Live Patch 27 for SLE 12)
This update for the Linux Kernel 3.12.61-5292 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel ...
Debian DLA-160-1 : sudo security update
This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able t...
DLA-160-1 sudo - security update
Bulletin has no description...
Debian DSA-3167-1 : sudo - security update
Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the...