AMD Ryzen™ 6000 Series Processors With Radeon™ Graphics "Rembrandt" Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

Exploit for CVE-2024-24919

CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...

CVE-2024-36883

In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....

CVE-2024-36885

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...

Exploit for Type Confusion in Google Chrome

Chrome Renderer 1day RCE via Type Confusion in Async Stack...

EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises

EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Disclaimer: This tool is...

Exploit for CVE-2024-24919

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Exploit for CVE-2024-24919

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a...

[SECURITY] Fedora 39 Update: rust-zram-generator-1.1.2-11.fc39

This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...

[SECURITY] Fedora 39 Update: rust-uu_yes-0.0.23-3.fc39

yes ~ (uutils) repeatedly display a line with STRING (or...

[SECURITY] Fedora 39 Update: rust-uu_shred-0.0.23-3.fc39

shred ~ (uutils) hide former FILE contents with repeated...

[SECURITY] Fedora 39 Update: rust-uu_nl-0.0.23-3.fc39

nl ~ (uutils) display input with added line...

[SECURITY] Fedora 39 Update: rust-uu_join-0.0.23-3.fc39

join ~ (uutils) merge lines from inputs with matching join...

[SECURITY] Fedora 39 Update: rustup-1.26.0-3.fc39

Manage multiple rust installations with...

[SECURITY] Fedora 39 Update: rust-uu_basename-0.0.23-3.fc39

basename ~ (uutils) display PATHNAME with leading directory components...

[SECURITY] Fedora 39 Update: rust-tealdeer-1.6.1-8.fc39

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching...

[SECURITY] Fedora 39 Update: rust-sequoia-octopus-librnp-1.8.1-4.fc39

Reimplementation of RNP's interface using Sequoia for use with...

[SECURITY] Fedora 39 Update: rust-silver-2.0.1-8.fc39

A cross-shell customizable powerline-like prompt with...

[SECURITY] Fedora 39 Update: rust-sha1collisiondetection-0.3.4-2.fc39

SHA-1 hash function with collision detection and...

[SECURITY] Fedora 39 Update: rust-sd-1.0.0-2.fc39

Intuitive find & replace CLI. * Painless regular expressions sd uses regex syntax that you already know from JavaScript and Python. Forget about dealing with quirks of sed or awk - get productive immediate ly. * String-literal mode Non-regex find & replace. No more backslashes or...

[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...

[SECURITY] Fedora 39 Update: rust-python-launcher-1.0.0-12.fc39

The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...

[SECURITY] Fedora 39 Update: rust-lsd-1.1.2-3.fc39

An ls command with a lot of pretty colors and some other...

[SECURITY] Fedora 39 Update: rust-names-0.14.0-2.fc39

A random name generator with names suitable for use in container instances, project names, application instances,...

[SECURITY] Fedora 39 Update: rust-lino-0.10.0-9.fc39

A command line text editor with notepad like key...

[SECURITY] Fedora 39 Update: rust-desed-1.2.1-4.fc39

Sed script debugger. Debug and demystify your sed scripts with TUI...

[SECURITY] Fedora 39 Update: rust-cpc-1.9.3-3.fc39

Evaluates math expressions, with support for units and conversion between...

[SECURITY] Fedora 39 Update: rust-bat-0.24.0-5.fc39

A cat(1) clone with...

[SECURITY] Fedora 39 Update: ntpd-rs-1.1.2-2.fc39

Full-featured implementation of NTP with NTS...

[SECURITY] Fedora 39 Update: rust-asahi-wifisync-0.2.0-3.fc39

A tool to sync Wifi passwords with macos on ARM...

[SECURITY] Fedora 39 Update: rust-asahi-btsync-0.2.0-3.fc39

A tool to sync Bluetooth pairing keys with macos on ARM...

[SECURITY] Fedora 39 Update: maturin-1.5.1-2.fc39

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python...

[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39

An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...

Malicious code in stablecoin-evm (npm)

This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...

Malicious code in xloportailcfn (npm)

This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud...

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....

Exploit for CVE-2024-24919

CVE-2024-24919 Bulk Scanner CVE-2024-24919 [Check Point...

CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2024-5348 Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes

The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of.....

CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...

CVE-2024-2295 Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2506 Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....

CVE-2024-4087 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-4342 Royal Elementor Addons and Templates <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...