Verizon 5G Home LVSKIHP 信任管理问题漏洞

The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in the Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version...

AMD CPU 安全漏洞

AMD CPUs are a family of CPUs from Ultraviolet Semiconductor AMD. The AMD CPUs suffer from a security vulnerability that stems from a faulty training branch prediction of a return instruction that may allow execution of arbitrary speculative code under certain microarchitecture-related conditions...

Russia Hackers Abusing BRc4 Red Team Penetration Tool in Recent Attacks

By Deeba Ahmed Palo Alto Networks Unit 42 security researchers have discovered that Russian state-sponsored hackers are abusing the latest Brute… This is a post from HackRead.com Read the original post: Russia Hackers Abusing BRc4 Red Team Penetration Tool in Recent Attacks...

CVE-2022-20082

In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730...

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated wit...

Google Android 竞争条件问题漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which arises from the concurrent execution of competing conditions in the GPU using incorrectly synchronized shared resources, and can be exploited by an attacker to remote...

MariaDB 安全漏洞

MariaDB is a free and open source database management system from the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.MariaDB has a security vulnerability that stems from a segmentation error found through the component stselectlexunit::excludelevel. No...

CVE-2022-33023

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong...

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape CVE-2022-30137,...

Motorola Solutions ACE1000 授权问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit RTU from Motorola USA. The Motorola Solutions ACE1000 RTU version suffers from an authorization issue vulnerability that stems from the fact that the affected product's SSH service is controlled by five pre-configured accounts, all of which...

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...

Motorola Solutions ACE1000 数据伪造问题漏洞

The Motorola Solutions ACE1000 is a remote terminal unit RTU from Motorola Solutions USA. The Motorola Solutions ACE1000 RTU is vulnerable to a data forgery issue, which arises from an attacker communicating with the Motorola ACE1000 RTU via SSH or Web UI, who could push a malicious firmware imag...

Espressif ESP-IDF 缓冲区错误漏洞

Espressif ESP-IDF is an IoT development framework from China Lexin Information Technology Espressif.A memory corruption vulnerability exists in Espressif ESP-IDF, which stems from not checking the SegN field of the Transaction Start PDU, and can be exploited by an attacker during configuration to...

Jenkins Plugin xUnit 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Plugin xUnit 3.0.8 and earlier versions, which can be exploited by an attacker...

Jenkins 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins JUnit Plugin 1119.vaa5e9068dad7...

CVE-2022-23074

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting XSS, in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and...

Cross site scripting

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting XSS, in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and...

Malicious code in token-unit-es5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47a5022d856e0cd71649b175473b5cf7ff9192dfdcc69d01bdadf1ac9c05b7e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6601 Malicious code in token-unit-es5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47a5022d856e0cd71649b175473b5cf7ff9192dfdcc69d01bdadf1ac9c05b7e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

UBUNTU-CVE-2014-125019

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decodenalunit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix thi...