2294 matches found
CVE-2024-25636
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, whi...
CVE-2024-25623
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
Design/Logic Flaw
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
CVE-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...
Misskey Code Issues Vulnerabilities
Misskey is a suite of micro-blogging platforms. A code issue vulnerability exists in Misskey versions prior to 2024.2.0. An attacker exploited the vulnerability to impersonate and take over an account on a remote server...
PT-2024-21056 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2024.2.0 Description: Misskey is an open source, decentralized social media platform with ActivityPub support. The issue arises when fetching remote Activity Streams objects, as Misskey doesn't check that the respons...
CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-47158, CVE-2023-47145, CVE-2023-47747, CVE-2023-27859, CVE-2023-47746, CVE-2023-47152, CVE-2023-47141, CVE-2023-45193,...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-5072, CVE-2023-22081, CVE-2023-5676 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-22081, CVE-2023-5676 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
CVE-2024-0552
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...
CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution
Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server...
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its...
PYSEC-2024-1 gratient 0.5 contains credential harvesting code
gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram...
PT-2024-40896 · Microsoft +2 · Windows +2
Name of the Vulnerable Software and Affected Versions: gratient version 0.5 Description: The issue concerns malicious code embedded in the library, which targets Windows platforms. This code is capable of harvesting information and credentials from the user's system and sending them to a remote...
Exploit for Code Injection in Apache Ofbiz
Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...
Zero-Click Outlook RCE Exploitation Chain in Windows
Summary: Two vulnerabilities CVE-2023-35384 and CVE-2023-36710 in Microsoft Windows can be chained to achieve remote code execution RCE on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a...