VU#238194: R Programming Language implementations are vulnerable to arbitrary...
OverviewA vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited...
View ArticleVU#163057: BMC software fails to validate IPMI session.
OverviewThe Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An...
View ArticleVU#456537: RADIUS protocol susceptible to forgery attacks.
OverviewA vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced....
View ArticleVU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
OverviewA use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker...
View ArticleVU#244112: Multiple SMTP services are susceptible to spoofing attacks due to...
OverviewMultiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information....
View ArticleVU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature
OverviewA vulnerability in the user of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security...
View ArticleVU#138043: A stack-based overflow vulnerability exists in the Microchip...
OverviewA stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remote code execution.DescriptionAn implementation of DHCP...
View ArticleVU#123336: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
OverviewA command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an...
View ArticleVU#164934: PDQ Deploy allows reuse of deleted credentials that can compromise...
OverviewPDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy...
View ArticleVU#529659: Howyar Reloader UEFI bootloader vulnerable to unsigned software...
OverviewThe Howyar UEFI Application "Reloader" (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a...
View ArticleVU#952657: Rsync contains six vulnerabilities
OverviewRsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as...
View ArticleVU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
OverviewTunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do...
View ArticleVU#733789: ChatGPT-4o contains security bypass vulnerability through time and...
OverviewChatGPT-4o contains a jailbreak vulnerability called "Time Bandit" that allows an attacker the ability to circumvent the safety guardrails of ChatGPT and instruct it to provide illicit or...
View ArticleVU#148244: PandasAI interactive prompt function can be exploited to run...
OverviewPandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted...
View ArticleVU#726882: Paragon Partition Manager contains five memory vulnerabilities...
OverviewParagon Partition Manager's BioNTdrv.sys driver, versions prior to 2.0.0, contains five vulnerabilities. These include arbitrary kernel memory mapping and write vulnerabilities, a null pointer...
View Article