Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple...
9.8CVSS
9.2AI Score
0.001EPSS
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Helix Core Server”), a source code management platform largely used in the videogame industry and by multiple...
9.8CVSS
10AI Score
0.001EPSS
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network...
8.1CVSS
7.4AI Score
0.0005EPSS
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network...
8.1CVSS
7.7AI Score
0.0005EPSS
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network...
8.1CVSS
7.6AI Score
0.0005EPSS
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network...
7.6CVSS
8AI Score
0.0005EPSS
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
x/crisis does not charge ConstantFee Impact If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details The x/crisis module is supposed to...
6.8AI Score
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
x/crisis does not charge ConstantFee Impact If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details The x/crisis module is supposed to...
6.8AI Score
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5.3CVSS
4.9AI Score
0.001EPSS
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5.3CVSS
5.3AI Score
0.001EPSS
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5.3CVSS
4.9AI Score
0.001EPSS
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5.3CVSS
5AI Score
0.001EPSS
CVE-2023-29529 matrix-js-sdk vulnerable to invisible eavesdropping in group calls
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5CVSS
5.3AI Score
0.001EPSS
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Impact An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible....
5.3CVSS
5.4AI Score
0.001EPSS
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Impact An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible....
5.3CVSS
5.2AI Score
0.001EPSS
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
5.3CVSS
5.4AI Score
0.001EPSS
FreeBSD : py39-sentry-sdk -- sensitive cookies leak (15dae5cc-9ee6-4577-a93e-2ab57780e707)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 15dae5cc-9ee6-4577-a93e-2ab57780e707 advisory. Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using...
6.5AI Score
0.001EPSS
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
6.5CVSS
7.5AI Score
0.001EPSS
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
7.6CVSS
6.3AI Score
0.001EPSS
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
7.6CVSS
6.7AI Score
0.001EPSS
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
6.5CVSS
6.4AI Score
0.001EPSS
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
7.6CVSS
7.7AI Score
0.001EPSS
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive....
7.6CVSS
6.3AI Score
0.001EPSS
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which...
7.5CVSS
7.3AI Score
0.002EPSS
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which...
7.5CVSS
3.5AI Score
0.002EPSS
Drainage of FeeCollector's Block Transaction Fees in cronos
Impact In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. User funds and balances are safe. Patches This problem has been patched in Cronos v0.6.5 on the mempool...
7.5CVSS
1.4AI Score
0.001EPSS
Drainage of FeeCollector's Block Transaction Fees in cronos
Impact In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. User funds and balances are safe. Patches This problem has been patched in Cronos v0.6.5 on the mempool...
7.5CVSS
1.4AI Score
0.001EPSS
github.com/crypto-org-chain/cronos is vulnerable to privilege escalation. An attacker can take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom-crafted...
7.5CVSS
3.4AI Score
0.001EPSS
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are...
7.5CVSS
7.4AI Score
0.001EPSS
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are...
7.5CVSS
0.001EPSS
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are...
7.5CVSS
6.9AI Score
0.001EPSS
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are...
7.5CVSS
7.4AI Score
0.001EPSS
CVE-2021-43839 Drainage of FeeCollector's Block Transaction Fees
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos v0.6.5. There are...
7.5CVSS
7.6AI Score
0.001EPSS
efiXplorer - IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation
efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of....
7.6AI Score
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname...
7.5CVSS
7.5AI Score
0.001EPSS
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname...
7.5CVSS
7.4AI Score
0.001EPSS
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname...
7.5CVSS
7.4AI Score
0.001EPSS
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname...
7.5AI Score
0.001EPSS
May 2020 Patch Tuesday – 111 Vulns, 16 Critical, SharePoint, VS Code, Adobe Patches
Continuing the trend of large Microsoft Patch Tuesdays, this month’s addresses 111 vulnerabilities with 16 of them labeled as Critical. The 16 Critical vulnerabilities cover SharePoint, Browsers, Scripting Engines, Media Foundation, Microsoft Graphics, Microsoft Color Management, and the VS Code...
8.7AI Score
0.017EPSS
Describes the issues that are fixed in the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010.SummaryThis article describes the Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist...
0.3AI Score
WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It
Extract Windows Defender database from vdm files and unpack it This program distributed as-is, without any warranty; No official support, if you like this tool, feel free to contribute. Features Unpack VDM containers of Windows Defender/Microsoft Security Essentials; Decrypt VDM container...
7.5AI Score
PLATINUM continues to evolve, find ways to maintain invisibility
Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group. We described a group that was well-resourced and quickly adopted advanced techniques, such as hot patching to.....
7.9AI Score
Describes the bugs that are resolved in the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit that is dated March 2011.SummaryThis article describes the issues that is fixed in the cumulative update for Office Communications...
0.2AI Score
Describes the bugs that are resolved in the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit that is dated November 2010.SummaryThis article describes the issue that is fixed in the cumulative update for Office Communications...
0.2AI Score
Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk
The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers. The SDK in question is Moplus, which.....
7AI Score
Citrix NITRO SDK - Command Injection Vulnerability
A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and...
7.6AI Score
Intel® Active Management Technology Software Development Kit Remote Code Execution
**Summary: ** Intel® Active Management Technology (Intel® AMT) Software Development Kit (SDK) is the development framework for the independent software vendors (ISVs) to develop manageability applications that interact with Intel® AMT-enabled systems. Updated software which corrects a potential...
0.5AI Score
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass...
-0.1AI Score