PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
SQL Injection in Harbor scan log API
Impact A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...
Description Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. For example: if a.....
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
code injection vulnerability exists in the huggingface/text-generation-inference repository
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.head_ref user input, which is used to dynamically construct a command for installing.....
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....
Slack integration leaks sensitive information in logs
Impact Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, it is possible under specific configurations, an attacker can forge...
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the application database), and the associated endpoints are....
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). Conditions for vulnerability reproduction The framework is in debug mode (YII_DEBUG set to true)......
6.4AI Score
0.019EPSS
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...
7AI Score
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack...
7.7AI Score
0.001EPSS
EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...
7AI Score
10AI Score
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
Updated unbound packages fix security vulnerability
Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a...
6.7AI Score
[SECURITY] Fedora 39 Update: rust-zram-generator-1.1.2-11.fc39
This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memor y.) To activate, install zram-generator-defaults...
[SECURITY] Fedora 39 Update: rust-uu_yes-0.0.23-3.fc39
yes ~ (uutils) repeatedly display a line with STRING (or...
[SECURITY] Fedora 39 Update: rust-uu_shred-0.0.23-3.fc39
shred ~ (uutils) hide former FILE contents with repeated...
[SECURITY] Fedora 39 Update: rust-uu_nl-0.0.23-3.fc39
nl ~ (uutils) display input with added line...
[SECURITY] Fedora 39 Update: rust-uu_join-0.0.23-3.fc39
join ~ (uutils) merge lines from inputs with matching join...
[SECURITY] Fedora 39 Update: rust-uu_basename-0.0.23-3.fc39
basename ~ (uutils) display PATHNAME with leading directory components...
[SECURITY] Fedora 39 Update: rust-tealdeer-1.6.1-8.fc39
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching...
[SECURITY] Fedora 39 Update: rust-sequoia-octopus-librnp-1.8.1-4.fc39
Reimplementation of RNP's interface using Sequoia for use with...
[SECURITY] Fedora 39 Update: rust-silver-2.0.1-8.fc39
A cross-shell customizable powerline-like prompt with...
[SECURITY] Fedora 39 Update: rust-sha1collisiondetection-0.3.4-2.fc39
SHA-1 hash function with collision detection and...
[SECURITY] Fedora 39 Update: rust-sd-1.0.0-2.fc39
Intuitive find & replace CLI. * Painless regular expressions sd uses regex syntax that you already know from JavaScript and Python. Forget about dealing with quirks of sed or awk - get productive immediate ly. * String-literal mode Non-regex find & replace. No more backslashes or...
[SECURITY] Fedora 39 Update: rust-resctl-bench-2.2.5-3.fc39
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, test ing resource control end-to-end requires scenarios involving realistic...
[SECURITY] Fedora 39 Update: rust-python-launcher-1.0.0-12.fc39
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
[SECURITY] Fedora 39 Update: rust-lsd-1.1.2-3.fc39
An ls command with a lot of pretty colors and some other...
[SECURITY] Fedora 39 Update: rust-names-0.14.0-2.fc39
A random name generator with names suitable for use in container instances, project names, application instances,...
[SECURITY] Fedora 39 Update: rust-lino-0.10.0-9.fc39
A command line text editor with notepad like key...
[SECURITY] Fedora 39 Update: rust-desed-1.2.1-4.fc39
Sed script debugger. Debug and demystify your sed scripts with TUI...
7.3AI Score
[SECURITY] Fedora 39 Update: rust-cpc-1.9.3-3.fc39
Evaluates math expressions, with support for units and conversion between...
7.4AI Score
7.3AI Score
[SECURITY] Fedora 39 Update: ntpd-rs-1.1.2-2.fc39
Full-featured implementation of NTP with NTS...
7.3AI Score
[SECURITY] Fedora 39 Update: rust-asahi-wifisync-0.2.0-3.fc39
A tool to sync Wifi passwords with macos on ARM...
7.3AI Score
[SECURITY] Fedora 39 Update: rust-asahi-btsync-0.2.0-3.fc39
A tool to sync Bluetooth pairing keys with macos on ARM...
7.3AI Score
[SECURITY] Fedora 39 Update: maturin-1.5.1-2.fc39
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python...
7.4AI Score
[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
7.4AI Score
Malicious code in stablecoin-evm (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Malicious code in xloportailcfn (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM
Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud...
7.3AI Score
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4AI Score