57 matches found
EUVD-2022-49651
Malicious code in bioql PyPI...
LLM vs. SAST: a Technical Analysis on Detecting Coding Bugs of GPT4-Advanced Data Analysis
With the rapid advancements in Natural Language Processing NLP, large language models LLMs like GPT-4 have gained significant traction in diverse applications, including security vulnerability scanning. This paper investigates the efficacy of GPT-4 in identifying software vulnerabilities compared...
MariaDB 10.11.0 < 10.11.12 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.11.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.11.12 advisory. - Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected a...
Linux Distros Unpatched Vulnerability : CVE-2022-34568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDLx11yuv.c. CVE-2022-34568 Note that Nessus relies on the presence...
Linux Distros Unpatched Vulnerability : CVE-2018-19107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp called from psdimage.cpp in the PSD image reader may suffer from a denial of service heap-based buffer...
Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27) (macOS)
The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-27 advisory. - Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful...
Rocky Linux 8 : expat (RLSA-2024:6989)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6989 advisory. libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490 libexpat: Integer Overflow or Wraparound CVE-2024-45491 libexpat: integer...
New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation
Co-authored by Andrea Ruddy Risks identified within a cloud environment compound to represent a real threat of exploitation. Our cloud risk scoring, introduced recently to insightCloudSec, focuses on these toxic combinations. Toxic combinations are attractive for bad actors who can target multipl...
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
The Internet Systems Consortium ISC has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain BIND 9 Domain Name System DNS software suite that could be exploited to trigger a denial-of-service DoS condition. "A cyber threat actor could exploit one of...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
GHSA-2VQ2-XC55-3J5M vulnerabilities
Vulnerabilities for packages: expat...
Oracle Patch Update, January 2024 Security Update Review
Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...
PT-2023-30223 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue affects the Online Matrimonial Project, allowing for multiple vulnerabilities to be exploited. Recommendations: For Online Matrimonial Project version 1.0, at the moment, there is ...
Rocky Linux 8 : expat (RLSA-2020:4484)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4484 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount...
2022 Top Routinely Exploited Vulnerabilities
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory CSA: United States: The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Federal Bureau of Investigation FBI Australia: Australian Signals Directorate’s Australian Cyb...
CVE-2023-4049
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
Race condition
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
RSEC-2023-0 Out-of-bounds write and stack based buffer overflow vulnerabilities
The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multiple attack vectors due to the underlying use of the libxls library. Several exploitable vulnerabilities have been identified in different functions of libxls versions 1.3.4 and 1.4. These include out-of-bounds write and stack...
Hacking the Tax Code
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...