VU#746790: SMM callout vulnerabilities identified in Gigabyte UEFI firmware m...
Friday, July 11, 2025

Overview System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. Wh... .. read more..

VU#613753: Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) c...
Tuesday, July 8, 2025

Overview Multiple vulnerabilities have been identified in Ruckus Wireless management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution... .. read more..

VU#806555: A Vulnerability in UEFI Applications allows for secure boot bypass...
Tuesday, June 10, 2025

Overview UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability stems from improper handling of a runtime NVRAM variable that enables an arbitrary write primiti... .. read more..

VU#282450: Out-of-Bounds read vulnerability in TCG TPM2.0 reference implement...
Tuesday, June 10, 2025

Overview An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). An attacker with access to a TPM command interface can exploit this vulnerability by sending special... .. read more..

VU#211341: A vulnerability in Insyde H2O UEFI application allows for digital ...
Tuesday, June 10, 2025

Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An ... .. read more..

VU#760160: libexpat library is vulnerable to DoS attacks through stack overflow
Friday, May 9, 2025

Overview A stack overflow vulnerability has been discovered within the libexpat open source library. When parsing XML documents with deeply nested entity references, libexpat can recurse indefinitely. This can result in exhaustion of stack space and a crash. An attacker can weaponize this to eith... .. read more..

VU#722229: Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
Wednesday, May 7, 2025

Overview The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these vulner... .. read more..

VU#360686: Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password...
Friday, May 2, 2025

Overview Digigrams PYKO-OUT audio-over-IP (AoIP) product is used for audio decoding and intended for various uses such as paging, background music, live announcements and others. It has hardware compatibility with two analog mono outputs and a USB port for storing local playlists. The product doe... .. read more..

VU#667211: Various GPT services are vulnerable to two systemic jailbreaks, al...
Tuesday, April 29, 2025

Overview Two systemic jailbreaks, affecting a number of generative AI services, were discovered. These jailbreaks can result in the bypass of safety protocols and allow an attacker to instruct the corresponding LLM to provide illicit or dangerous content. The first jailbreak, called “Inception,” ... .. read more..

VU#726882: Paragon Software Hard Disk Manager product line contains five memo...
Monday, April 14, 2025

Overview The Paragon Software Hard Disk Manager (HDM) product line contains a vulnerable driver titled BioNTdrv.sys. The driver, versions 10.1.X.Y and older, 1.0.0.0, 1.1.0.0, 1.3.0.0, 1.4.0.0, and 1.5.1.0, contain five vulnerabilities. These include arbitrary kernel memory mapping and write vuln... .. read more..

VU#252619: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4....
Thursday, April 3, 2025

Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a high-... .. read more..

VU#148244: PandasAI interactive prompt function can be exploited to run arbit...
Tuesday, February 11, 2025

Overview PandasAI , an open source project by SinaptikAI , has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, potentially achieving arbitrary code execution. In response, SinaptikAI has implement... .. read more..

VU#733789: ChatGPT-4o contains security bypass vulnerability through time and...
Thursday, January 30, 2025

Overview ChatGPT-4o contains a jailbreak vulnerability called "Time Bandit" that allows an attacker the ability to circumvent the safety guardrails of ChatGPT and instruct it to provide illicit or dangerous content. The jailbreak can be initiated in a variety of ways, but centrally requires the a... .. read more..

VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
Friday, January 17, 2025

Overview Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented ... .. read more..

VU#952657: Rsync contains six vulnerabilities
Tuesday, January 14, 2025

Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,... .. read more..

Bugtraq: Re: BugTraq Shutdown
Sunday, January 17, 2021

Re: BugTraq Shutdown .. read more..

Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update
Sunday, January 17, 2021

Re: [SECURITY] [DSA 4628-1] php7.0 security update .. read more..

Bugtraq: On Second Thought...
Sunday, January 17, 2021

On Second Thought... .. read more..

Bugtraq: BugTraq Shutdown
Friday, January 15, 2021

BugTraq Shutdown .. read more..

Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclos...
Friday, July 26, 2019

Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability .. read more..

Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities
Friday, July 26, 2019

LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities .. read more..

Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability
Friday, July 26, 2019

Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability .. read more..

Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
Thursday, July 25, 2019

KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability .. read more..

4053440 - Securely opening Microsoft Office documents that contain Dynamic Da...
Tuesday, January 9, 2018

.. read more..

4056318 - Guidance for securing AD DS account used by Azure AD Connect for di...
Tuesday, December 12, 2017

.. read more..

MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could All...
Thursday, October 19, 2017

.. read more..

MS16-087 - Critical: Security Update for Windows Print Spooler Components (31...
Tuesday, September 12, 2017

.. read more..

MS16-JUL - Microsoft Security Bulletin Summary for July 2016 - Version: 2.0
Tuesday, September 12, 2017

.. read more..

MS16-AUG - Microsoft Security Bulletin Summary for August 2016 - Version: 3.0
Tuesday, September 12, 2017

.. read more..

MS16-095 - Critical: Cumulative Security Update for Internet Explorer (317735...
Tuesday, September 12, 2017

.. read more..

MS16-OCT - Microsoft Security Bulletin Summary for October 2016 - Version: 3.0
Tuesday, September 12, 2017

.. read more..

MS16-039 - Critical: Security Update for Microsoft Graphics Component (31485...
Tuesday, September 12, 2017

.. read more..

MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 4.0
Tuesday, September 12, 2017

.. read more..

MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (319289...
Tuesday, September 12, 2017

.. read more..

MS16-149 - Important: Security Update for Microsoft Windows (3205655) - Vers...
Wednesday, August 23, 2017

.. read more..

MS17-007 - Critical: Cumulative Security Update for Microsoft Edge (4013071) ...
Tuesday, August 8, 2017

.. read more..

MS17-MAR - Microsoft Security Bulletin Summary for March 2017 - Version: 4.0
Tuesday, August 8, 2017

.. read more..

4038556 - Guidance for securing applications that host the WebBrowser Control...
Tuesday, August 8, 2017

.. read more..

MS16-111 - Important: Security Update for Windows Kernel (3186973) - Version:...
Tuesday, July 11, 2017

.. read more..

MS16-SEP - Microsoft Security Bulletin Summary for September 2016 - Version: 2.0
Tuesday, July 11, 2017

.. read more..

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privileg...
Tuesday, June 27, 2017

.. read more..

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Tuesday, June 13, 2017

.. read more..

4022345 - Identifying and correcting failure of Windows Update client to rece...
Friday, May 12, 2017

.. read more..

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Friday, May 12, 2017

.. read more..

4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of...
Wednesday, May 10, 2017

.. read more..

MS17-013 - Critical: Security Update for Microsoft Graphics Component (401307...
Tuesday, May 9, 2017

.. read more..

4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and...
Tuesday, May 9, 2017

.. read more..

MS17-021 - Important: Security Update for Windows DirectShow (4010318) - Vers...
Tuesday, April 11, 2017

.. read more..

MS16-037 - Critical: Cumulative Security Update for Internet Explorer (314853...
Tuesday, April 11, 2017

.. read more..

MS17-014 - Important: Security Update for Microsoft Office (4013241) - Versio...
Tuesday, April 11, 2017

.. read more..

Powered by Feed Informer