Daily Free App @ Amazon Security Vulnerabilities

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, py3-idna, ggshield, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, jwt-tool,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, reflex, confluent-docker-utils, kubeflow-volumes-web-app, dask-gateway, pytorch,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app, jwt-tool,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, reflex, confluent-docker-utils, kubeflow-volumes-web-app, dask-gateway, pytorch,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app, jwt-tool,...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, ggshield, reflex, confluent-docker-utils, py3-cassandra-medusa, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, superset, airflow,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-volumes-web-app, kube-downscaler, dask-gateway,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-volumes-web-app, kube-downscaler, dask-gateway,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, airflow, ggshield, patroni, reflex, confluent-docker-utils, py3.10-tensorflow-core, py3-cassandra-medusa, kubeflow-volumes-web-app, az, kubeflow-katib, superset, jwt-tool,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, k8s-sidecar, kubeflow-pipelines, ggshield, reflex, confluent-docker-utils, py3-cassandra-medusa, kubeflow-volumes-web-app, az, dask-gateway, kubeflow-katib, superset, airflow,...

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind...

CVE-2024-23373 Use After Free in Graphics

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...

CVE-2024-21461 Double Free in HLOS

Memory corruption while performing finish HMAC operation when context is freed by...

romo.com Cross Site Scripting vulnerability OBB-3939839

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dorsetthotels.com Cross Site Scripting vulnerability OBB-3939838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dyseno.com Cross Site Scripting vulnerability OBB-3939837

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...

Social Media Monitoring and Rogue App Detection in Akamai Brand Protector

...

stuco-sicherheitsschuhe.de Cross Site Scripting vulnerability OBB-3939823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.hu Cross Site Scripting vulnerability OBB-3939820

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.com Cross Site Scripting vulnerability OBB-3939819

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

duplo-frank.de Cross Site Scripting vulnerability OBB-3939818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

stuco.ch Cross Site Scripting vulnerability OBB-3939816

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vrecenze.cz Cross Site Scripting vulnerability OBB-3939808

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

directory-online.biz Cross Site Scripting vulnerability OBB-3939807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

CosmicSting: critical unauthenticated XXE vulnerability in...

A week in security (June 24 – June 30)

Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data...

blitzwolfeurope.com Cross Site Scripting vulnerability OBB-3939804

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

londonwarmemorial.co.uk Cross Site Scripting vulnerability OBB-3939803

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

au-magasin-de-velo.fr Cross Site Scripting vulnerability OBB-3939802

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: Denial of service vulnerability in Amazon Ion may affect IBM Storage Protect Server

Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...

CVE-2024-38480

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...

CVE-2024-38480

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...

CVE-2024-38480

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this...

CVE-2024-6291

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser.....

CVE-2024-38385

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the.....

CVE-2024-39463

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0;...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1871)

The remote host is missing an update for the Huawei...

CVE-2024-6292

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

GNU Emacs, Org Mode: Multiple Vulnerabilities

Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no.....

Zsh: Prompt Expansion Vulnerability

Background A shell designed for interactive use, although it is also a powerful scripting language. Description Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact A vulnerability in prompt expansion could be exploited...

CVE-2024-6293

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

Android Automotive OS Update Bulletin—July 2024

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this.....

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...

cpio: Arbitrary Code Execution

Background cpio is a file archival tool which can also read and write tar files. Description Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Impact GNU cpio allows attackers to execute arbitrary code via a crafted pattern file,....

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1857)

The remote host is missing an update for the Huawei...