USN-6667-1 libcpanel-json-xs-perl vulnerability

It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A remote attacker could use this issue to cause Cpanel-JSON-XS to crash, resulting in a denial of service, or possibly obtain sensitive information...

PYSEC-2024-164

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

SUSE-SU-2024:0601-1 Security update for python-pycryptodome

This update for python-pycryptodome fixes the following issues: - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding decoding for OAEP bsc1218564...

SUSE-SU-2024:0585-1 Security update for python-pycryptodome

This update for python-pycryptodome fixes the following issues: - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding decoding for OAEP bsc1218564...

Integer Overflow

dav1d is vulnerable of integer overflow. The vulnerability due to improper memory allocation in dav1d AV1 decoder that can occur when decoding videos with large frame size. it could indeed lead to memory corruption and pose a security risk...

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

CVE-2024-1580

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d...

PT-2024-2631 · Node.Js +8 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted...

Node.js 18.x < 18.19.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

MGASA-2024-0036 Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

USN-6629-1 ujson vulnerabilities

It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2021-45958 Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An...

Base64 Command Encoder

This encoder uses base64 encoding to avoid bad characters. Module Options msf use encoder/cmd/base64 msf encoderbase64 show actions ...actions... msf encoderbase64 set ACTION msf encoderbase64 show options ...show and set options... msf encoderbase64 run This module requires Metasploit:...

HackerOne: LLM03: Training Data Poisoning via ASCII decoding

Vulnerability description not provided...

Mageia: Security Advisory (MGASA-2024-0020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

MGASA-2024-0020 Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

FAUST: A Phobos Ransomware Variant Launches Fileless Attack

Summary: FAUST ransomware, a variant of the Phobos family, exhibiting intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from...

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Excessive time spent checking invalid RSA public keys CVE-2023-6237 PKCS12 Decoding crashes CVE-2024-0727...