Aggregator

CVE-2023-20615 | MediaTek MT8797 ril out-of-bounds write (ALPS07629572 / EUVD-2023-24794)

4 months ago

A vulnerability, which was classified as critical, was found in MediaTek MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T and MT8797. The affected element is an unknown function of the component ril. Such manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-20615. Local access is required to approach this attack. No exploit exists. It is advisable to implement a patch to correct this issue.

vuldb.com

CVE-2023-20616 | MediaTek MT8797 ion out-of-bounds (ALPS07560720 / EUVD-2023-24795)

Vuldb Updates

4 months ago

A vulnerability has been found in MediaTek MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8183, MT8321, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791T and MT8797 and classified as problematic. The impacted element is an unknown function of the component ion. Performing manipulation results in out-of-bounds read. This vulnerability was named CVE-2023-20616. The attack needs to be approached locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.

vuldb.com

Medusa Blog

Dark Feed IO

4 months ago

You must login to view this content

cohenido

CVE-2025-48385 | Microsoft Visual Studio Git injection (Nessus ID 241644 / WID-SEC-2025-1485)

Vuldb Updates

4 months ago

A vulnerability classified as problematic was found in Microsoft Visual Studio. This issue affects some unknown processing of the component Git. The manipulation results in injection. This vulnerability is reported as CVE-2025-48385. The attacker must have access to the local network to execute the attack. No exploit exists. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2025-48386 | Microsoft Visual Studio Git privilege escalation (Nessus ID 241644 / WID-SEC-2025-1485)

Vuldb Updates

4 months ago

A vulnerability, which was classified as problematic, has been found in Microsoft Visual Studio. Impacted is an unknown function of the component Git. This manipulation causes privilege escalation. This vulnerability appears as CVE-2025-48386. The attacker needs to be present on the local network. There is no available exploit. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2025-46835 | j6t git-gui up to 2.50.0 argument injection (GHSA-xfx7-68v4-v8fg / EUVD-2025-21002)

Vuldb Updates

4 months ago

A vulnerability has been found in j6t git-gui up to 2.50.0 and classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes argument injection. This vulnerability is tracked as CVE-2025-46835. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

vuldb.com

CVE-2025-46835 | Microsoft Visual Studio Git privilege escalation (EUVD-2025-21002 / Nessus ID 241644)

Vuldb Updates

4 months ago

A vulnerability classified as problematic was found in Microsoft Visual Studio. This impacts an unknown function of the component Git. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-46835. Access to the local network is required for this attack to succeed. There is no exploit available. A patch should be applied to remediate this issue.

vuldb.com

CVE-2025-48384 | Microsoft Visual Studio Git symlink (EUVD-2025-20677 / Nessus ID 241644)

Vuldb Updates

4 months ago

A vulnerability classified as problematic has been found in Microsoft Visual Studio. This vulnerability affects unknown code of the component Git. The manipulation leads to symlink following. This vulnerability is documented as CVE-2025-48384. The attack requires being on the local network. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

vuldb.com

CVE-2025-27614 | j6t gitk up to 2.50.0 os command injection (GHSA-g4v5-fjv9-mhhc / EUVD-2025-21004)

Vuldb Updates

4 months ago

A vulnerability was found in j6t gitk up to 2.50.0. It has been declared as critical. This vulnerability affects unknown code. Executing manipulation can lead to os command injection. This vulnerability is registered as CVE-2025-27614. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Bleeping Computer.

4 months ago

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. [...]

Lawrence Abrams

CVE-2018-15472 | GitLab Community Edition/Enterprise Edition up to 11.1.6/11.2.3/11.3.0 Diff Formatter denial of service (Nessus ID 255155)

Vuldb Updates

4 months ago

A vulnerability marked as problematic has been reported in GitLab Community Edition and Enterprise Edition up to 11.1.6/11.2.3/11.3.0. This impacts an unknown function of the component Diff Formatter. Performing manipulation results in denial of service. This vulnerability is known as CVE-2018-15472. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2015-9275 | arc 5.21q Archive File Path path traversal (Nessus ID 255160)

Vuldb Updates

4 months ago

A vulnerability identified as critical has been detected in arc 5.21q. Affected by this vulnerability is an unknown functionality. The manipulation as part of Archive File leads to path traversal (Path). This vulnerability is documented as CVE-2015-9275. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2017-9104 | adns up to 1.5.1 Compression resource consumption (FEDORA-2020-530188bf36 / Nessus ID 255159)

Vuldb Updates

4 months ago

A vulnerability classified as problematic was found in adns up to 1.5.1. This affects an unknown function of the component Compression Handler. The manipulation results in resource consumption. This vulnerability is identified as CVE-2017-9104. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2015-1192 | kgb 1.0b4 path traversal (Nessus ID 255164 / BID-72111)

Vuldb Updates

4 months ago

A vulnerability labeled as problematic has been found in kgb 1.0b4. Affected by this issue is some unknown functionality. The manipulation results in path traversal. This vulnerability is cataloged as CVE-2015-1192. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2019-14872 | Newlib libc Library up to 3.2.x _dtoa_r Return Value null pointer dereference (Nessus ID 255165)

Vuldb Updates

4 months ago

A vulnerability identified as problematic has been detected in Newlib libc Library up to 3.2.x. This impacts the function _dtoa_r. The manipulation as part of Return Value leads to null pointer dereference. This vulnerability is listed as CVE-2019-14872. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

vuldb.com

CVE-2021-45930 | Qt up to 6.2.1 Qt SVG growAppend out-of-bounds write (Nessus ID 255205)

Vuldb Updates

4 months ago

A vulnerability was found in Qt up to 6.2.1. It has been rated as critical. The affected element is the function QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend of the component Qt SVG. Performing manipulation results in out-of-bounds write. This vulnerability is known as CVE-2021-45930. Access to the local network is required for this attack. No exploit is available. Applying a patch is the recommended action to fix this issue.

vuldb.com

Silk Typhoon hackers hijack network captive portals in diplomat attacks

Bleeping Computer.

4 months ago

State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. [...]

Bill Toulas

Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June

CyberScoop

4 months ago

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

The post Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June appeared first on CyberScoop.

Matt Kapko

APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

4 months ago

Researchers have unveiled ONEFLIP, a novel inference-time backdoor attack that compromises full-precision deep neural networks (DNNs) by flipping just one bit in the model’s weights, marking a significant escalation in the practicality of hardware-based attacks on AI systems. Unlike traditional backdoor methods that require poisoning training data or manipulating the training process, ONEFLIP operates during […]

The post APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Velociraptor incident response tool abused for remote access

Sophos Threat Research

4 months ago

This approach represents an evolution from threat actors abusing remote monitoring and management tools

Mindi McDowell

Aggregator

Managed ad