CampusCoin Student Feed Aggregator

+ VU#164934: PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement—Overview PDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within t...

+ VU#123336: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J—Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found ...

+ VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server—Overview A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remo...

+ VU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature—Overview A vulnerability in the user of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw all...

+ VU#244112: Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement—Overview Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks ...

+ VU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier—Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to...

+ VU#456537: RADIUS protocol susceptible to forgery attacks.—Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-A...

+ VU#163057: BMC software fails to validate IPMI session.—Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) softw...

+ VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files—Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has be...

+ VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models—Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13...

+ VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows—Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when...

+ VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks—Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. ...

+ VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks—Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field b...

+ VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops—Overview A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthentic...

+ VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions—Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered...

+ VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks—Overview Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware...

As of 12/21/24 6:33am. Last new 12/11/24 1:04pm.  Score: 698