9.8CVSS
9.6AI Score
0.007EPSS
9.8CVSS
7.4AI Score
0.007EPSS
Bootiful Spring Boot in 2024 (part 1)
NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-bounds read for policy...
5.7AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
EPSS
8.8AI Score
EPSS
Friday Squid Blogging: New Plant Looks Like a Squid
Newly discovered plant looks like a squid. And it's super weird: The plant, which grows to 3 centimetres tall and 2 centimetres wide, emerges to the surface for as little as a week each year. It belongs to a group of plants known as fairy lanterns and has been given the scientific name...
7.3AI Score
JWX vulnerable to a denial of service attack using compressed JWE message
Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory....
6.8CVSS
7AI Score
0.001EPSS
JWX vulnerable to a denial of service attack using compressed JWE message
Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory....
6.8CVSS
7AI Score
0.001EPSS
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Thu Mar 7 15:16:48 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_feb2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
7.5CVSS
6.6AI Score
0.001EPSS
The 3 most common post-compromise tactics on network infrastructure
We've been discussing networking devices quite a lot recently and how Advanced Persistent Threat actors (APTs) are using highly sophisticated tactics to target aging infrastructure for espionage purposes. Some of these attacks are also likely prepositioning the APTs for future disruptive or...
8.3AI Score
WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...
7.4AI Score
My Calendar < 3.4.24 - Authenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin) PoC 1. Use any type of role (as long as you permit it the action to Add Events). 2......
5.9AI Score
0.0004EPSS
About the security content of macOS Sonoma 14.4
About the security content of macOS Sonoma 14.4 This document describes the security content of macOS Sonoma 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
8.6CVSS
8.9AI Score
0.963EPSS
About the security content of watchOS 10.4
About the security content of watchOS 10.4 This document describes the security content of watchOS 10.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
7.8CVSS
8.8AI Score
0.002EPSS
My Calendar < 3.4.24 - Authenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the...
6AI Score
0.0004EPSS
macOS 13.x < 13.6.5 Multiple Vulnerabilities (HT214085)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.5. It is, therefore, affected by multiple vulnerabilities: A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may...
8.6CVSS
8.6AI Score
0.002EPSS
macOS 14.x < 14.4 Multiple Vulnerabilities (HT214084)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.4. It is, therefore, affected by multiple vulnerabilities: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS...
8.6CVSS
8.6AI Score
0.963EPSS
About the security content of macOS Ventura 13.6.5
About the security content of macOS Ventura 13.6.5 This document describes the security content of macOS Ventura 13.6.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
8.6CVSS
8.8AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
7.3AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 - 0day Exploit 0day for FortiOS 6.0-7.4.2....
9.8CVSS
9.6AI Score
0.018EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
IBM SECURITY ADVISORY First Issued: Wed Mar 6 15:05:06 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory4.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
6.5CVSS
6.7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
7.1AI Score
0.0004EPSS
CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
7.6AI Score
0.0004EPSS
CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
6.8AI Score
0.0004EPSS
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3qx3-6hxr-j2ch. This link is maintained to preserve external references. Original Description Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the...
7.8AI Score
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...
9.4AI Score
0.0004EPSS
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...
7.5AI Score
0.0004EPSS
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...
7.6AI Score
0.0004EPSS
Function Calling in Java and Spring AI using the latest Mistral AI API
UPDATE: As of March 13, 2024, Mistral AI has integrated support for parallel function calling into their large model, a feature that was absent at the time of this blog's initial publication. Mistral AI, a leading developer of open-source large language models, unveiled the addition of Function...
7.5AI Score
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. Notes Author| Note ---|--- | Priority reason: Likely not affected due to not vendoring libgit2. sbeattie | likely due to an...
9.8CVSS
7.8AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure....
7.6AI Score
0.0004EPSS
Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a...
8.6AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6649-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6649-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let's start with my open...
10CVSS
8.4AI Score
0.969EPSS
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1CVSS
6.3AI Score
0.0004EPSS
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
7.1CVSS
6.6AI Score
0.0004EPSS
7 Rapid Questions with #77 Ray Bourque
We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship. Ray is an absolute hero to Bruins fans everywhere. He has cemented his status in the annals of Boston sports history through 21 seasons in the black...
6.9AI Score
TL;DR CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words() Details: django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a...
7.5CVSS
9.5AI Score
0.029EPSS
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects...
9.6AI Score
0.0004EPSS
About the security content of iOS 17.4 and iPadOS 17.4
About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.8CVSS
8.9AI Score
0.002EPSS
Coder's OIDC authentication allows email with partially matching domain to register
Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as...
8.2CVSS
7AI Score
0.0004EPSS
Coder's OIDC authentication allows email with partially matching domain to register
Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as...
8.2CVSS
6.9AI Score
0.0004EPSS
"Gotta Fly Now" is more closely associated with corporate hype videos or conferences with thousands of attendees in a mid-market city's convention center than it is from its origins in the "Rocky" movies. But Heather Couk thinks it's useful in incident response calls, too. Couk, an incident...
7.3AI Score
[SECURITY] [DLA 3748-1] thunderbird security update
Debian LTS Advisory DLA-3748-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.8.0-1~deb10u1 CVE...
9.3AI Score
0.0004EPSS
[SECURITY] [DLA 3747-1] firefox-esr security update
Debian LTS Advisory DLA-3747-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.8.0esr-1~deb10u1 CVE...
9.1AI Score
0.0004EPSS
Debian dla-3747 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...
8AI Score
0.0004EPSS