7762 matches found
CVE-2024-6324
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics...
PT-2025-1382 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: Data Distribution Service DDS affected versions not specified Description: The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7...
SROS 2 Security Vulnerability
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
PT-2025-1381 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: Data Distribution Service DDS affected versions not specified Description: The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7...
SROS 2 Security Vulnerability
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
SROS 2 Security Vulnerability
SROS 2 is a ROS 2 open source tool for generating and distributing SROS keys. A security vulnerability exists in SROS 2 that stems from the presence of a non-compliant implementation of privilege document validation, which could lead to an attacker being able to construct a malicious DDS...
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan RAT, developed in C, is a highly sophisticated malware offering unauthorised remote access with...
CVE-2024-8650
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests...
PT-2024-38757 · Imartinez +2 · Imartinez/Privategpt +1
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: An XSS vulnerability exists in the file upload process. Attackers can upload malicious SVG files that execute JavaScript when victims click on the file link. This can lead to user data theft,...
[SECURITY] Fedora 40 Update: python3.9-3.9.21-1.fc40
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
CVE-2024-9367
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while parsing templates to generate...
CVE-2024-12570
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim...
Distrobox: Arbitrary Code Execution
Background Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice...
MAL-2024-11615 Malicious code in infoind (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11498 Malicious code in windowsversionupdate (npm)
--- -= Per source details. Do not edit below this line.=-...
The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems, related to unlimited resource distribution, allows an intruder to cause service failure.
The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series buildings is related to unlimited resource distribution. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
[SECURITY] [DSA 5825-1] ceph security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5825-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2024 https://www.debian.org/security/faq -...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems lies in their unlimited resource distribution. This allows an intruder to trigger a system reboot.
The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot remotely...
[SECURITY] [DSA 5815-2] needrestart regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-5815-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 02, 2024 https://www.debian.org/security/faq -...
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as "Запрос цены и предложения от Индивидуального...