985 matches found
CVE-2024-25126 Rack ReDos in content type parsing (2nd degree polynomial)
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...
[SECURITY] Fedora 39 Update: rear-2.7-8.fc39
Relax-and-Recover is the leading Open Source disaster recovery and system migration solution. It comprises of a modular frame-work and ready-to-go workflows for many common situations to produce a bootable image and restore from backup using this image. As a benefit, it allows to restore to...
Exploit for Improper Access Control in Joomla Joomla\!
Joomla! options Arguments - url: Root URL base...
[SECURITY] Fedora 39 Update: unbound-1.19.1-2.fc39
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
Fedora: Security Advisory (FEDORA-2024-2e26eccfcb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: grub2-2.06-114.fc38
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
[SECURITY] Fedora 39 Update: grub2-2.06-116.fc39
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
Festo CECX-X-C1 and CECX-X-M1 Improper Authentication (CVE-2014-0769)
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX- X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to 1 modify the configuration via a request to the debug service on port 4000 ...
This Week in Spring - January 2nd, 2024
Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...
Rhadamanthys Stealer Version 0.5.0 Upgrade Overview
Summary: Rhadamanthys, the information-stealing malware, has taken a significant leap with its v0.5.0 upgrade, introducing expanded stealing features, raw syscalls, and an enhanced loader design, showcasing advanced evasion techniques. Its modular architecture allows for continuous updates,...
DEBIAN-CVE-2023-50981
ModularSquareRoot in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service infinite loop via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...
UBUNTU-CVE-2023-50981
ModularSquareRoot in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service infinite loop via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...
This Week in Spring - December 12th, 2023
Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to ugprade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...
T3SF - Technical Tabletop Exercises Simulation Framework
T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list MSEL together with a set of rules defined for each exercise optional and a configuration that allows defining the parameters of the corresponding platform. The main module...
Škoda Modular Infotainment Platform 3 Encryption Issue Vulnerability
Škoda Modular Infotainment Platform 3 MIB3 is a modular infotainment platform from the Czech company Škoda. A security vulnerability exists in Škoda Modular Infotainment Platform 3. An attacker can easily decode the vulnerability...
PT-2023-22036 · Volkswagen · Modular Infotainment Platform 3
Name of the Vulnerable Software and Affected Versions: Modular Infotainment Platform 3 MIB3 affected versions not specified Description: Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus ...
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data...
Fedora: Security Advisory for dotnet6.0 (FEDORA-2023-3dba61ad8c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: dotnet6.0-6.0.124-1.fc37
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...