Email::address Security Vulnerabilities

RHEL 7 : bind, bind-dyndb-ldap, and dhcp (RHSA-2024:3741)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3741 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named);.....

Hirschmann HiOS Switches Null Pointer Dereference (CVE-2019-12259)

This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way (e.g., using the API intended for assigning unicast-addresses). An attacker may use CVE-2019-12264 to incorrectly assign a multicast IP-address. An attacker on the same LAN as...

Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-636)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-636 advisory. An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635NOTE: https://www.bouncycastle.org/latest_releases.htmlDEBIANBUG:...

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment...

Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)

Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024,...

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...

Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`

The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into...

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details **...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...

Security Bulletin: The IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188

Summary IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188(Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details ** CVEID: CVE-2023-45188 DESCRIPTION: **IBM Engineering.....

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic...

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

Ubuntu: Security Advisory (USN-6812-1)

The remote host is missing an update for...

ruby:3.3 security, bug fix, and enhancement update

ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability...

Fedora: Security Advisory for roundcubemail (FEDORA-2024-a591b4dc74)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6811-1)

The remote host is missing an update for...

Online Pizza Ordering System 1.0 SQL Injection

...

Fedora: Security Advisory for rust-local_ipaddress (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

Oracle Linux 9 : ruby:3.3 (ELSA-2024-3671)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3671 advisory. - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. ...

Ubuntu: Security Advisory (USN-6810-1)

The remote host is missing an update for...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

Fedora: Security Advisory for roundcubemail (FEDORA-2024-680b8ba54e)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6813-1)

The remote host is missing an update for...

CVE-2024-24198

smartdns commit 54b4dc was discovered to contain a misaligned address at...

CVE-2024-24195

robdns commit d76d2e6 was discovered to contain a misaligned address at...

CVE-2024-24195

robdns commit d76d2e6 was discovered to contain a misaligned address at...

CVE-2024-24199

smartdns commit 54b4dc was discovered to contain a misaligned address at...

CVE-2024-24198

smartdns commit 54b4dc was discovered to contain a misaligned address at...

CVE-2024-24199

smartdns commit 54b4dc was discovered to contain a misaligned address at...

CVE-2024-37153

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance,...

CVE-2024-37153

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance,...

CVE-2024-37153

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance,...

Evmos allows unvested token delegations

Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade.....

Evmos allows unvested token delegations

Impact What kind of vulnerability is it? Who is impacted? At the moment, users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. Patches Has the problem been patched? What versions should users upgrade.....

CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance,...

CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance,...

Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....