Aggregated realtime CVE vulnerability data from Software, Government, and search sources. AI monitoring for security disclosure data.
SHOP NOWCVE-2023-26602 : ASUS iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution....
Posted 1 year ago (26 February 2023)
CVE-2022-32953 : An issue was discovered in Insyde with #kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM...
Posted 1 year ago (14 February 2023)
CVE-2022-34885 : An improper input sanitization vulnerability in the Motorola router could allow a local user with elevated permissions to execute arbitrary code....
Posted 1 year ago (30 January 2023)
CVE-2022-24118 : Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, before 2.0....
Posted 1 year ago (26 December 2022)
CVE-2022-35897 : An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde with #kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overfl...
Posted 1 year ago (21 November 2022)
CVE-2022-21504 : The code in U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another...
Posted 2 years ago (14 June 2022)
CVE-2022-29522 : Use after free vulnerability exists in the simulator module contained in the graphic editor '' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a ...
Posted 2 years ago (14 June 2022)
CVE-2021-40401 : A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execut...
Posted 2 years ago (04 February 2022)
CVE-2021-43297 : A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use as the default serialization/deserialization pro...
Posted 2 years ago (10 January 2022)