14 matches found
CVE-2024-41860 Adobe Substance 3D Sampler Memory Corruption Vulnerability I, when parsing PSD file
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
Siemens SIMATIC WinCC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
Wiz Research discovered CVE-2024-37032, an easy-to-exploit Remote Code Execution vulnerability in the open-source AI Infrastructure project Ollama...
Siemens SCALANCE X Switches Improper Neutralization of Input During Web Page Generation (CVE-2018-4848)
A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.3, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS...
Unbounded loop can block claim
Lines of code Vulnerability details Unbounded loop can block claim Impact There are no bounds on the number of rewardTokens in the loop, this can run out of gas due to cost of the operations. Proof Of Concept function claimERC20 producerToken, address user external ... uint256 rLen =...
Loss of Collateral Via Malicious Oracle
Lines of code Vulnerability details Issue: The oracle can be arbitrarily updated at any point in time by the lender. Consequences: A lender can inject a malicious oracle at any time and steal the collateral NFT at the cost of his loaned tokens. Proof of Concept Borrower requests loan with an hone...
Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool
It's been an interesting start to March in terms of public security incidents. This month kicked off with multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. And, as if that wasn't enough, that attack was quickly followed by the news that a hacktivis...
Rockwell Automation 1734-AENTR Series B and Series C
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: 1734-AENTR Series B and Series C Vulnerabilities: Improper Access Control, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Rockwell Automation Allen-Bradley Micrologix 1100
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability...
Schneider Electric IGSS SCADA Software
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Path Traversal, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of...
Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations
Summary Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it...
Emerson AMS Device Manager
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: AMS Device Manager Vulnerabilities: Improper Access Control, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
ICSA-18-226-03 Siemens Automation License Manager
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Automation License Manager Vulnerabilities: Relative Path Traversal, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
CVE-2022-23164
...