An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2258012...
5.3AI Score
0.0004EPSS
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
8AI Score
0.002EPSS
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
8AI Score
0.002EPSS
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management...
9.1CVSS
7.4AI Score
0.001EPSS
GLSA-202401-09 : Eclipse Mosquitto: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-09 (Eclipse Mosquitto: Multiple Vulnerabilities) In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In Mosquitto before 2.0.16,...
6.9AI Score
GitHub and the Ekoparty 2023 Capture the Flag
As an Ekoparty 2023 sponsor, GitHub once again had the privilege of submitting several challenges to the event’s Capture The Flag (CTF) competition. Employees from across GitHub’s Security organization came together to brainstorm, plan, build, and test these challenges to create a compelling,...
7.5AI Score
Maliciously crafted Git server replies can cause DoS on go-git clients
Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications.....
6.4AI Score
0.0005EPSS
Maliciously crafted Git server replies can cause DoS on go-git clients
Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications.....
6.4AI Score
0.0005EPSS
Lines of code https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/Base.sol#L55 Vulnerability details Impact Lack of input validation for ClosePositionParams.amountSwap results in theft of fund Proof of Concept ParticlePositionManager.sol....
7.4AI Score
A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...
7.3AI Score
0.005EPSS
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...
7.5CVSS
7.3AI Score
0.005EPSS
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...
7.4AI Score
0.005EPSS
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...
7.5CVSS
6.9AI Score
0.005EPSS
Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing.....
8AI Score
Schweitzer Engineering Laboratories SEL-411L
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...
7AI Score
0.001EPSS
pubnub Insufficient Entropy vulnerability
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
7AI Score
0.001EPSS
pubnub Insufficient Entropy vulnerability
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
7AI Score
0.001EPSS
libsquid.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a buffer overread bug in the library. This allows an attacker to cause an application crash during HTTP message...
6.9AI Score
0.015EPSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....
7.4AI Score
0.015EPSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....
7.5CVSS
7.2AI Score
0.015EPSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....
7.5CVSS
6.7AI Score
0.015EPSS
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more...
6.5CVSS
7.2AI Score
0.001EPSS
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more...
9.8CVSS
7.7AI Score
0.001EPSS
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more...
6.5CVSS
7.1AI Score
0.001EPSS
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more.....
6.1CVSS
6.6AI Score
0.0005EPSS
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for...
6.1CVSS
8.2AI Score
0.001EPSS
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more...
5.4CVSS
7.2AI Score
0.0005EPSS
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more...
9.8CVSS
7.7AI Score
0.001EPSS
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more...
7.8CVSS
7.3AI Score
0.0004EPSS
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more.....
6.1CVSS
7.4AI Score
0.001EPSS
Ubuntu 20.04 ESM / 22.04 LTS / 23.04 : Mosquitto vulnerabilities (USN-6492-1)
The remote Ubuntu 20.04 ESM / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6492-1 advisory. In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT...
7AI Score
The Continued Evolution of the DarkGate Malware-as-a-Service
The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding.....
7.6AI Score
The Continued Evolution of the DarkGate Malware-as-a-Service
The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding.....
7.6AI Score
kernel security, bug fix, and enhancement update
[4.18.0-513.5.1_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
8AI Score
0.005EPSS
kernel security, bug fix, and enhancement update
[5.14.0-362.8.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32...
7.8AI Score
0.005EPSS
Fedora 39 : mosquitto (2023-9adc4be8b0)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9adc4be8b0 advisory. In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In...
7.1AI Score
Squid is vulnerable to Denial Of Service. The vulnerability is due to improper validation of particular index which allows an attacker to initiate a TLS Handshake with a malicious crafted SSL Certificate in a server certificate chain thus leading to denial of...
6.8AI Score
0.006EPSS
A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...
7.2AI Score
0.006EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
7.5CVSS
7.1AI Score
0.006EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
6.8AI Score
0.006EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
7.5CVSS
7.3AI Score
0.006EPSS
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown...
7.8CVSS
7.3AI Score
0.001EPSS
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown...
7.8CVSS
7.5AI Score
0.001EPSS
Cosmos packet-forward-middleware vulnerable to chain-halt
The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a...
6.8AI Score
Cosmos packet-forward-middleware vulnerable to chain-halt
The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The packet-forward-middleware module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a...
6.8AI Score
Security Bulletin: IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto
Summary IBM Integration Bus is vulnerable to a denial of service due to Eclipse Mosquitto (CVE-2023-28366, CVE-2023-3592, CVE-2023-0809). Vulnerability Details ** CVEID: CVE-2023-28366 DESCRIPTION: **Eclipse Mosquitto is vulnerable to a denial of service, caused by a memory leak flaw in the...
6.6AI Score
0.001EPSS
JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1809 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability October 19, 2023 CVE Number CVE-2023-38128 SUMMARY An out-of-bounds write vulnerability exists in the “HyperLinkFrame” stream parser of Ichitaro 2023...
7.6AI Score
0.002EPSS
JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1758 JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability October 19, 2023 CVE Number CVE-2023-34366 SUMMARY A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially...
7.4AI Score
0.004EPSS
JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1808 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability October 19, 2023 CVE Number CVE-2023-38127 SUMMARY An integer overflow exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially...
7.8AI Score
0.001EPSS
Security Bulletin: IBM Aspera Faspex has addressed an IP address restriction bypass vulnerability
Summary IBM Aspera Faspex could allow a malicious actor to bypass the whitelist IP check at user log in. This is not an unauthorized user access exploit. Vulnerability Details ** CVEID: CVE-2023-30995 DESCRIPTION: **IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a...
6.9AI Score
0.001EPSS