Attacker Value
Unknown

CVE-2025-1146

Disclosure Date: February 12, 2025 (last updated February 27, 2025)
CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack. CrowdStrike identified this issue internally and released a security fix in all Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor versions 7.06 and above. CrowdStrike identified this issue through our longstanding, rigorous security review process, which has been continually strengthened with deeper source code analysis and ongoing program enhancements as part of our commitment to security resilience. CrowdStrike …
Attacker Value
Unknown

CVE-2024-54384

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3.
Attacker Value
Unknown

CVE-2024-32634

Disclosure Date: April 16, 2024 (last updated February 26, 2025)
In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
Attacker Value
Unknown

CVE-2024-32633

Disclosure Date: April 16, 2024 (last updated February 26, 2025)
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
Attacker Value
Unknown

CVE-2024-32632

Disclosure Date: April 16, 2024 (last updated February 26, 2025)
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access.
Attacker Value
Unknown

CVE-2024-32631

Disclosure Date: April 16, 2024 (last updated February 26, 2025)
Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.
Attacker Value
Unknown

CVE-2024-32625

Disclosure Date: April 16, 2024 (last updated February 26, 2025)
In OffloadAMRWriter, a scalar field is not initialized, so it will contain an arbitrary value left over from earlier computations.
Attacker Value
Unknown

CVE-2022-2841

Disclosure Date: August 22, 2022 (last updated February 24, 2025)
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.40.15409, 6.42.15611 and 6.44.15807 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-206880.
Attacker Value
Unknown

CVE-2022-26245

Disclosure Date: March 27, 2022 (last updated February 23, 2025)
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
Attacker Value
Unknown

CVE-2020-12330

Disclosure Date: November 12, 2020 (last updated February 22, 2025)
Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.