Lucene search

K

EC-CUBE CO.,LTD. Security Vulnerabilities

cnvd
cnvd

Command Execution Vulnerability in EG3210 of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-11054)

The EG3210 is a multi-service security gateway. A command execution vulnerability exists in the EG3210, which can be exploited by an attacker to gain control of a...

7.6AI Score

2024-01-18 12:00 AM
8
prion
prion

Race condition

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

7.1AI Score

0.0004EPSS

2024-03-04 01:15 PM
8
prion
prion

Race condition

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

7.1AI Score

0.0004EPSS

2024-03-04 10:15 AM
12
thn
thn

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet...

6.9AI Score

2024-05-01 02:25 PM
3
thn
thn

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....

7.1AI Score

0.0004EPSS

2024-05-28 10:15 AM
6
oraclelinux
oraclelinux

systemd security update

[252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following,.....

5.9CVSS

7.7AI Score

0.001EPSS

2024-05-03 12:00 AM
2
debiancve
debiancve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

7AI Score

0.0004EPSS

2024-03-25 10:15 AM
5
ubuntucve
ubuntucve

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't...

6.5AI Score

0.0004EPSS

2024-03-25 12:00 AM
6
openvas
openvas

Directory Scanner

This plugin attempts to determine the presence of various common dirs on the remote web...

9.9CVSS

8.1AI Score

0.975EPSS

2005-11-03 12:00 AM
1650
zdi
zdi

(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue results from the lack of proper...

8.7CVSS

6.7AI Score

0.001EPSS

2024-05-19 12:00 AM
6
openvas
openvas

RedHat Update for kernel RHSA-2016:0185-01

The remote host is missing an update for...

6.2AI Score

0.002EPSS

2016-02-17 12:00 AM
15
nvd
nvd

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...

6.5AI Score

0.0004EPSS

2024-03-18 08:15 AM
cve
cve

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...

6.7AI Score

0.0004EPSS

2024-03-18 08:15 AM
38
nvd
nvd

CVE-2024-21824

Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...

6.5AI Score

0.0004EPSS

2024-03-18 08:15 AM
cvelist
cvelist

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...

6.8AI Score

0.0004EPSS

2024-03-18 08:03 AM
cve
cve

CVE-2024-21824

Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...

6.6AI Score

0.0004EPSS

2024-03-18 08:15 AM
33
cve
cve

CVE-2024-21805

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is.....

7.1AI Score

0.0004EPSS

2024-03-12 08:15 AM
36
cvelist
cvelist

CVE-2024-21824

Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...

6.7AI Score

0.0004EPSS

2024-03-18 08:01 AM
nessus
nessus

Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5680 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-05-06 12:00 AM
12
openvas
openvas

Fedora: Security Advisory for jcuber (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

7AI Score

0.0004EPSS

2024-03-08 12:00 AM
2
thn
thn

Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022. Vinnik.....

7AI Score

2024-05-07 09:32 AM
2
schneier
schneier

Rethinking Democracy for the Age of AI

There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4AI Score

2024-06-18 11:04 AM
3
trellix
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.4AI Score

2024-04-29 12:00 AM
11
cve
cve

CVE-2024-27440

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...

5.7AI Score

0.0004EPSS

2024-03-13 06:15 AM
15
zdt

4.3CVSS

7.4AI Score

0.001EPSS

2024-03-04 12:00 AM
103
jvn
jvn

JVN#40367518: SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). ## Impact Arbitrary code may be executed with the privileges of the running application. ## Solution Update the...

7.2AI Score

0.0004EPSS

2024-03-27 12:00 AM
9
exploitdb

4.3CVSS

4.8AI Score

0.001EPSS

2024-03-03 12:00 AM
78
openvas
openvas

RedHat Update for gtk-vnc RHSA-2017:2258-01

The remote host is missing an update for...

9.8CVSS

8.8AI Score

0.005EPSS

2017-08-04 12:00 AM
12
openvas
openvas

RedHat Update for nettle RHSA-2016:2582-02

The remote host is missing an update for...

7.5CVSS

8.8AI Score

0.009EPSS

2016-11-04 12:00 AM
10
schneier
schneier

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI Score

2024-06-19 11:09 AM
7
nessus
nessus

FreeBSD : taglib -- heap-based buffer over-read via a crafted audio file (d3f3e818-8d10-11ea-8668-e0d55e2a8bf9)

Webin security lab - dbapp security Ltd reports : The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio...

6.5CVSS

6.5AI Score

0.003EPSS

2020-05-04 12:00 AM
10
cnvd
cnvd

Information leakage vulnerability in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-10034)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

6.8AI Score

2024-01-22 12:00 AM
7
nvd
nvd

CVE-2024-25972

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...

6.6AI Score

0.0004EPSS

2024-03-01 10:15 AM
1
talosblog
talosblog

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...

7.5AI Score

2024-06-21 12:00 PM
5
openbugbounty
openbugbounty

cube-homes.com Improper Access Control vulnerability OBB-3796526

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2023-11-27 09:21 PM
6
prion
prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-02-29 06:15 AM
13
krebs
krebs

The Not-so-True People-Search Network from China

It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a....

6.4AI Score

2024-03-21 03:18 AM
14
openvas
openvas

RedHat Update for qt RHSA-2013:0669-01

The remote host is missing an update for...

6.4AI Score

0.0004EPSS

2013-03-22 12:00 AM
6
thn
thn

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware...

9.8CVSS

7.3AI Score

0.003EPSS

2024-05-15 10:56 AM
5
krebs
krebs

Who Stole 3.6M Tax Records from South Carolina?

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a...

7.1AI Score

2024-04-16 11:26 AM
8
hackread
hackread

FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

By Waqas The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide. This is a post from HackRead.com Read the original post: FakeUpdates Malware Campaign Targets WordPress - Millions of Sites at...

7.3AI Score

2024-03-12 05:49 PM
8
prion
prion

Heap overflow

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...

8AI Score

0.0004EPSS

2024-02-29 01:44 AM
24
cnvd
cnvd

SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System

Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Skywing Application Virtualization System, which can be exploited by attackers to obtain database information and execute...

7.9AI Score

2024-01-17 12:00 AM
13
cve
cve

CVE-2006-2980

SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id...

8.8AI Score

0.003EPSS

2006-06-12 10:02 PM
28
cnvd
cnvd

Arbitrary File Download Vulnerability in DSS of Zhejiang Dahua Technology Co.(CNVD-2024-10023)

Zhejiang Dahua Technology Co., Ltd. is a supplier of surveillance products and solution service provider. Zhejiang Dahua Technology Co., Ltd DSS has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...

7AI Score

2024-01-22 12:00 AM
11
openvas
openvas

RedHat Update for java-1.7.0-openjdk RHSA-2015:1230-01

The remote host is missing an update for...

3.7CVSS

5.7AI Score

0.974EPSS

2015-07-16 12:00 AM
20
nvd
nvd

CVE-2023-6241

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

6.2AI Score

0.0004EPSS

2024-03-04 01:15 PM
cve
cve

CVE-2023-6241

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

6.4AI Score

0.0004EPSS

2024-03-04 01:15 PM
35
githubexploit

0.1AI Score

2022-01-30 01:42 PM
179
nvd
nvd

CVE-2023-6143

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....

6.3AI Score

0.0004EPSS

2024-03-04 10:15 AM
1
Total number of security vulnerabilities16007