Lucene search
K

3702 matches found

CERT
CERT
added 2025/01/17 12:0 a.m.39 views

Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)

Overview Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented ...

6.5CVSS6.5AI score0.28537EPSS
Exploits0References4
CERT
CERT
added 2025/01/14 12:0 a.m.39 views

Howyar Reloader UEFI bootloader vulnerable to unsigned software execution

Overview The Howyar UEFI Application "Reloader" 32-bit and 64-bit, distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure...

8.2CVSS9.5AI score0.01036EPSS
Exploits1References13
CERT
CERT
added 2025/01/14 12:0 a.m.14 views

Rsync contains six vulnerabilities

Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...

9.8CVSS8AI score0.72059EPSS
Exploits8
CERT
CERT
added 2024/12/11 12:0 a.m.17 views

PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement

Overview PDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy software to their target devices. The run mode "Deploy User" insecurely creates credentials on th...

7.7AI score
Exploits0References2
CERT
CERT
added 2024/10/23 12:0 a.m.34 views

Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...

8.8CVSS8.1AI score0.02548EPSS
Exploits1References6
CERT
CERT
added 2024/09/19 12:0 a.m.22 views

A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server

Overview A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework ASF that can lead to remote code execution. Description An implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The...

9.8CVSS9.6AI score0.01377EPSS
Exploits0References7
CERT
CERT
added 2024/08/30 12:0 a.m.29 views

Insecure Platform Key (PK) used in UEFI system firmware signature

Overview A vulnerability in the user of hard-coded Platform Keys PK within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling...

6.4CVSS6.8AI score0.0024EPSS
Exploits0References8
CERT
CERT
added 2024/07/30 12:0 a.m.27 views

Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement

Overview Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information. Two vulnerabilities were identified that reduce the authentication and verification of the...

6.5CVSS6.6AI score0.00354EPSS
Exploits0References8
CERT
CERT
added 2024/07/09 12:0 a.m.66 views

RADIUS protocol susceptible to forgery attacks.

Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating...

9CVSS8.2AI score0.14859EPSS
Exploits2References4
CERT
CERT
added 2024/07/09 12:0 a.m.13 views

Use-after-free vulnerability in lighttpd version 1.4.50 and earlier

Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access...

5.3CVSS5.8AI score0.00662EPSS
Exploits0References5
CERT
CERT
added 2024/04/30 12:0 a.m.72 views

BMC software fails to validate IPMI session.

Overview The Intelligent Platform Management Interface IPMI implementations in multiple manufacturer's Baseboard Management Controller BMC software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network with IPMI enabled can abuse the lack of session integrity to...

9.1CVSS8.1AI score0.00718EPSS
Exploits0References5
CERT
CERT
added 2024/04/29 12:0 a.m.34 views

R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS R Data Serialization format files and .rdx files. An attacker can create malicious RDS...

8.8CVSS8.7AI score0.23618EPSS
Exploits0References3
CERT
CERT
added 2024/04/16 12:0 a.m.41 views

Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models

Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...

9.8CVSS9.7AI score0.01745EPSS
Exploits1References6
CERT
CERT
added 2024/04/10 12:0 a.m.106 views

Multiple programming languages fail to escape arguments properly in Microsoft Windows

Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Window...

10CVSS9.2AI score0.32568EPSS
Exploits14References8
CERT
CERT
added 2024/04/09 12:0 a.m.94 views

Linux kernel on Intel systems is susceptible to Spectre v2 attacks

Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection BHI are likely affected. An unauthenticated...

6.5CVSS7AI score0.08555EPSS
Exploits0References6
CERT
CERT
added 2024/04/03 12:0 a.m.118 views

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limi...

8.2CVSS8AI score0.94615EPSS
Exploits4References5
CERT
CERT
added 2024/03/19 12:0 a.m.90 views

Implementations of UDP-based application protocols are vulnerable to network loops

Overview A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols e.g., DNS, NTP, TFTP that can...

7.5CVSS7.4AI score0.32288EPSS
Exploits3References12
CERT
CERT
added 2024/03/14 12:0 a.m.39 views

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

Overview A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...

5.7CVSS6.3AI score0.01231EPSS
Exploits0References4
CERT
CERT
added 2024/03/07 12:0 a.m.63 views

Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks

Overview Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...

9.8CVSS7.5AI score0.00503EPSS
Exploits0References2
CERT
CERT
added 2024/01/16 12:0 a.m.168 views

Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Overview Multiple vulnerabilities were discovered in the TCP/IP stack NetworkPkg of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface UEFI. Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote...

8.8CVSS8.7AI score0.02084EPSS
Exploits1References4
CERT
CERT
added 2024/01/16 12:0 a.m.41 views

GPU kernel implementations susceptible to memory leak

Overview General-purpose graphics processing unit GPGPU platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...

6.5CVSS6.2AI score0.01175EPSS
Exploits1References14
CERT
CERT
added 2024/01/16 12:0 a.m.62 views

SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies

Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences essentially the end of a single email message in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...

5.3CVSS6.3AI score0.02598EPSS
Exploits6References5
CERT
CERT
added 2023/12/06 12:0 a.m.75 views

Image files in UEFI can be abused to modify boot behavior

Overview Implementation of Unified Extensible Firmware Interface UEFI by Vendors provide a way to customize logo image displayed during the early boot phase. Binarly has uncovered vulnerabilities in the image parsing libraries that provide this capability. An attacker with local privileged access...

7.8CVSS6.5AI score0.01858EPSS
Exploits1References8
CERT
CERT
added 2023/09/12 12:0 a.m.73 views

Multiple BGP implementations are vulnerable to improperly formatted BGP updates

Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP connection for the BGP session and de-peer the router. This is undesirable because a session reset impac...

6.8AI score
Exploits0References10
CERT
CERT
added 2023/09/06 12:0 a.m.43 views

Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Overview An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information. Description CVE-2023-4498 is an authentication bypass vulnerability that enables an...

5.3CVSS5.9AI score0.0041EPSS
Exploits0References1
CERT
CERT
added 2023/08/28 12:0 a.m.13 views

Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account

Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...

7CVSS7AI score0.00347EPSS
Exploits1
CERT
CERT
added 2023/08/16 12:0 a.m.27 views

Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process

Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed a local user with Parsec access to gain NTAUTHORITY/SYSTEM privileges. Description The vulnerability is a time-of-check time–of-use TOCTOU vulnerability. There existed a small...

7CVSS7.1AI score0.00298EPSS
Exploits0References2
CERT
CERT
added 2023/08/11 12:0 a.m.59 views

Python Parsing Error Enabling Bypass CVE-2023-24329

Overview urllib.parse is a very basic and widely used basic URL parsing function in various applications. Description An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. urlparse has a...

7.5CVSS8.3AI score0.20459EPSS
Exploits3References2
CERT
CERT
added 2023/08/07 12:0 a.m.19 views

Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution

Overview Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description Freewill Solutions IFIS new...

8.2AI score
Exploits0
CERT
CERT
added 2023/07/27 12:0 a.m.13 views

Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation

Overview The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service path privilege escalation vulnerability. In certain conditions, this flaw can lead to a local privilege escalation. Description D-Link DWA-117 AC600 MU-MIMO is a Wi-Fi USB Adapter that...

7.5AI score
Exploits0
CERT
CERT
added 2023/07/20 12:0 a.m.25 views

Perimeter81 macOS Application Multiple Vulnerabilities

Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. Description At the time, the latest Perimeter81 MacOS application 10.0.0.19 suffers from local privilege escalation vulnerability inside its...

7.8CVSS7.9AI score0.00636EPSS
Exploits1References2
CERT
CERT
added 2023/07/11 12:0 a.m.27 views

Hard-coded credentials in Technicolor TG670 DSL gateway router

Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...

7.2CVSS7.5AI score0.00642EPSS
Exploits0References3
CERT
CERT
added 2023/02/28 12:0 a.m.374 views

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module TPM 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and...

7.8CVSS8.7AI score0.05552EPSS
Exploits0References9
CERT
CERT
added 2023/01/17 12:0 a.m.47 views

New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass vulnerability that allows an unauthenticated user to access content from both inside and outside the network. The second is a...

9.8CVSS9.4AI score0.11009EPSS
Exploits2References2
CERT
CERT
added 2023/01/17 12:0 a.m.37 views

Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: 1. A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a he...

9.8CVSS9.3AI score0.01781EPSS
Exploits0
CERT
CERT
added 2022/11/16 12:0 a.m.84 views

Netatalk contains multiple error and memory management vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk 3.1.12 that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected...

9.8CVSS8.4AI score0.08594EPSS
Exploits0References2
CERT
CERT
added 2022/11/08 12:0 a.m.45 views

Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Overview Multiple Unified Extensible Firmware Interface UEFI implementations are vulnerable to code execution in System Management Mode SMM by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access DMA timing attacks tha...

8.2CVSS7.8AI score0.00193EPSS
Exploits0References8
CERT
CERT
added 2022/11/01 12:0 a.m.888 views

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...

7.5CVSS7.9AI score0.92488EPSS
Exploits6References4
CERT
CERT
added 2022/10/07 12:0 a.m.52 views

Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference

Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description CVE-2022-3116 A flawed logical condition in...

7.5CVSS7.2AI score0.00885EPSS
Exploits0
CERT
CERT
added 2022/10/03 12:0 a.m.733 views

Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

Overview Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery SSRF attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary...

8.8CVSS9.4AI score0.9997EPSS
Exploits16References6
CERT
CERT
added 2022/09/27 12:0 a.m.57 views

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 L2 network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service DoS or to perform a...

4.7CVSS4.9AI score0.0071EPSS
Exploits1References14
CERT
CERT
added 2022/08/11 12:0 a.m.169 views

Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process...

6.7CVSS7.5AI score0.01037EPSS
Exploits0References8
CERT
CERT
added 2022/08/04 12:0 a.m.39 views

muhttpd versions 1.1.5 and earlier are vulnerable to path traversal

Overview Versions 1.1.5 and earlier of the mu HTTP deamon muhttpd are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Descriptio...

7.5CVSS7.7AI score0.12001EPSS
Exploits2References3
CERT
CERT
added 2022/06/21 12:0 a.m.37 views

SMA Technologies OpCon UNIX agent adds the same SSH key to all installations

Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. Description During OpCon UNIX agent installation and updates, an SSH public key is added to the root...

5.3AI score
Exploits0References2
CERT
CERT
added 2022/05/09 12:0 a.m.57 views

uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environmen...

6.5CVSS6.4AI score0.11264EPSS
Exploits0References14
CERT
CERT
added 2022/04/28 12:0 a.m.41 views

Qt allows for privilege escalation due to hard-coding of qt_prfxpath value

Overview Prior to version 5.14, Qt hard-codes the qtprfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qtprfxpath value to a value that reflects the path where Qt exists on...

8.2CVSS8.6AI score0.00402EPSS
Exploits1References3
CERT
CERT
added 2022/04/28 12:0 a.m.67 views

Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory...

8.8CVSS8AI score0.00764EPSS
Exploits0
CERT
CERT
added 2022/03/31 12:0 a.m.258 views

Spring Framework insecurely handles PropertyDescriptor objects with data binding

Overview The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Spring Framework is a Java framework that can be used to create applications such as web applications...

9.8CVSS9.4AI score0.99677EPSS
Exploits102References4
CERT
CERT
added 2022/02/24 12:0 a.m.45 views

Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS

Overview Visual Voice Mail VVM services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data. Description VVM is specified by Open Mobile Terminal Platform-OMPT and is implemented with SMS and IMAP...

8.1CVSS7.9AI score0.01406EPSS
Exploits1References2
CERT
CERT
added 2022/02/22 12:0 a.m.85 views

Mobile device monitoring services do not authenticate API requests

Overview The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability. These services and their associated apps can be used to perform non-consensual,...

7.5CVSS7.7AI score0.0247EPSS
Exploits0References5
Total number of security vulnerabilities3702