Lucene search
K

52 matches found

Packet Storm News
Packet Storm News
•added 2025/04/30 12:0 a.m.•4 views

Overlapping Data in Network Protocols: Bridging OS and NIDS Reassembly Gap

IPv4, IPv6, and TCP have a common mechanism allowing one to split an original data packet into several chunks. Such chunked packets may have overlapping data portions and, OS network stack implementations may reassemble these overlaps differently. A Network Intrusion Detection System NIDS that...

7AI score
Exploits0
Positive Technologies
Positive Technologies
•added 2025/04/09 12:0 a.m.•3 views

PT-2025-20479

Name of the Vulnerable Software and Affected Versions ASUS DriverHub versions prior to 1.0.6.0 Description An insufficient validation issue exists in ASUS DriverHub. This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints. The issue may allow...

9.4CVSS8.5AI score0.00815EPSS
Exploits0References33
Positive Technologies
Positive Technologies
•added 2025/04/07 12:0 a.m.•10 views

PT-2025-15192 Ā· Qualcomm Ā· Snapdragon

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when invoking an IOCTL map buffer request from userspace. This can potentially lead to unintended system behavior. Recommendations: At the...

6.6CVSS6.5AI score0.00096EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2025/03/12 12:0 a.m.•3 views

PT-2025-29159 Ā· Honeywell Ā· Experion Pks HcaĀ +9

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS versions prior to 520.2 TCU9 HF1 and versions prior to 530 TCU3 Honeywell OneWireless WDM versions 322.1 through 322.4 Honeywell OneWireless WDM versions 330.1 through 330.3 Honeywell Experion PKS C300, FIM4, FIM8, UOC,...

6.5CVSS6.1AI score0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2024/10/29 12:48 p.m.•14 views

CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions = 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...

6.5CVSS7.3AI score0.00527EPSS
Exploits1References2
CVE
CVE
•added 2024/10/29 12:48 p.m.•65 views

CVE-2024-5823

A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...

9.1CVSS7.1AI score0.00527EPSS
Exploits1References2Affected Software1
NVD
NVD
•added 2024/10/23 6:15 p.m.•16 views

CVE-2024-20485

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...

6.7CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2024/10/23 5:52 p.m.•10 views

CVE-2024-20485

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...

6CVSS7.5AI score0.00198EPSS
Exploits0References1
NVD
NVD
•added 2024/06/28 7:15 a.m.•20 views

CVE-2024-30110

HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways...

9.8CVSS0.00462EPSS
Exploits0References1
Github Security Blog
Github Security Blog
•added 2024/03/12 9:30 p.m.•29 views

Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

9.9CVSS6.9AI score0.56934EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
•added 2024/03/12 6:18 p.m.•33 views

CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...

8.4CVSS8.5AI score0.56934EPSS
Exploits0References3
NVD
NVD
•added 2023/07/04 5:15 a.m.•35 views

CVE-2023-21641

An app with non-privileged access can change global system brightness and cause undesired system behavior...

7.8CVSS7.1AI score0.00113EPSS
Exploits0References1
CVE
CVE
•added 2023/07/04 4:46 a.m.•97 views

CVE-2023-21641

CVE-2023-21641 concerns Qualcomm display-related code. A local attacker with non-privileged access can change the device’s global brightness, leading to undesired system behavior. The vulnerability is categorized as Moderate in Qualcomm/Pixel entries, and public documentation indicates exposure i...

7.8CVSS6.8AI score0.00113EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
•added 2023/07/04 12:0 a.m.•4 views

PT-2023-18305 Ā· Qualcomm Ā· SnapdragonĀ +15

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: An app with non-privileged access can change global system brightness and cause undesired system behavior. Recommendations: At the moment, there is no information about a newer...

7.8CVSS7.7AI score0.00113EPSS
Exploits0References3
Malwarebytes
Malwarebytes
•added 2023/05/31 11:45 a.m.•14 views

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

The US Cybersecurity and Infrastructure Security Agency CISA has an urgent message for US businesses: watch out for Volt Typhoon, a threat actor sponsored by the Peoples Republic of China PRC. The agency's joint Cybersecurity Advisory CSA published last week highlights a cluster of tactics,...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•12 views

TWAP array can be artificially filled up with the most recent quote

Lines of code Vulnerability details A malicious user can run updateTWAV on each block, quickly replacing all four values of the twavObservations array with the most recent valuation. I.e. the time weighted averaging essence of the recorded price can be directly reduced to always be just most rece...

6.5AI score
Exploits0
OSV
OSV
•added 2018/06/05 2:45 p.m.•7 views

SUSE-SU-2018:1549-1 Security update for the Linux Kernel (Live Patch 27 for SLE 12)

This update for the Linux Kernel 3.12.61-5292 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel ...

7.8CVSS7.1AI score0.18404EPSS
Exploits9References8
Tenable Nessus
Tenable Nessus
•added 2015/03/26 12:0 a.m.•33 views

Debian DLA-160-1 : sudo security update

This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able t...

6.6CVSS5.9AI score0.0047EPSS
Exploits3References4
OSV
OSV
•added 2015/02/27 12:0 a.m.•29 views

DLA-160-1 sudo - security update

Bulletin has no description...

6.6CVSS4.4AI score0.0047EPSS
Exploits3
Tenable Nessus
Tenable Nessus
•added 2015/02/23 12:0 a.m.•25 views

Debian DSA-3167-1 : sudo - security update

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the...

3.3CVSS5.5AI score0.0047EPSS
Exploits1References4
Rows per page
Query Builder