
554 matches found

CNNVD
added 2024/01/03 12:0 a.m., 2 views

CBOR Security Breach

CBOR is a C implementation of the Concise Binary Object Representation by the individual developer Peter Occil. A security vulnerability exists in CBOR versions 4.0.0 through 4.5.0, which stems from the use of an inefficient algorithm that makes it susceptible to denial-of-service attacks when...

7.5 CVSS, 6.7 AI score, 0.0047 EPSS
Exploits: 0, References: 7

Openbugbounty
added 2023/12/11 8:16 p.m., 3 views

sharp-words.com Improper Access Control vulnerability OBB-3810621

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits: 0

GithubExploit
added 2023/12/01 2:46 a.m., 7 views

iocs

It is an offensive tool for threat intelligence. The repository...

7.2 AI score
Exploits: 0

Github Security Blog
added 2023/11/16 5:14 p.m., 157 views

sharp vulnerability in libwebp dependency CVE-2023-4863

Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...

8.8 CVSS, 7.1 AI score, 0.93301 EPSS
Exploits: 9, References: 3, Affected Software: 1

OSV
added 2023/11/16 5:14 p.m., 4 views

GHSA-54XQ-CGQR-RPM3 sharp vulnerability in libwebp dependency CVE-2023-4863

Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...

7.8 CVSS, 7.1 AI score
Exploits: 0, References: 3

vulnersOsv
added 2023/11/16 5:14 p.m., 1 view

10secondsofcode-custom (=1.0.0), 10up-toolkit (>=4.2.0 <=5.0.0) +5502 more potentially affected by unknown CVE via sharp (>=0.10.1 <=0.32.5)

sharp NPM version =0.10.1, =4.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-54XQ-CGQR-RPM3...

5.8 AI score
Exploits: 0

CNNVD
added 2023/10/10 12:0 a.m., 2 views

Microsoft Common Data Model SDK Security Vulnerability

Microsoft Common Data Model SDK is a software application from Microsoft Corporation USA. A security vulnerability exists in Microsoft Common Data Model SDK. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Microsoft Comm...

6.5 CVSS, 8.8 AI score, 0.0832 EPSS
Exploits: 0, References: 3

Snyk
added 2023/09/11 9:0 p.m., 2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

9.6 CVSS, 9.2 AI score, 0.93301 EPSS
Exploits: 9, References: 3

BDU FSTEC
added 2023/07/28 12:0 a.m., 1 view

The vulnerability of the CreateSerializerSettings() function in the JSON Serializer component allows a hacker to trigger a service failure. This vulnerability is related to the C# language protocol implemented by the language server.

The vulnerability of the CreateSerializerSettings function in the JSON Serializer component is related to the implementation of the C language server protocol. This vulnerability leads to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service...

3.5 CVSS, 0.00065 EPSS
Exploits: 0, References: 5, Affected Software: 1

Schneier on Security
added 2023/06/09 9:5 p.m., 11 views

Friday Squid Blogging: Light-Emitting Squid

It’s a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophore...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/05/15 6:59 a.m., 2 views

Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case

A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for...

6.5 AI score
Exploits: 0

Positive Technologies
added 2023/04/27 12:0 a.m., 3 views

PT-2023-23274 · Unknown · Startsharp +1

Name of the Vulnerable Software and Affected Versions: Serenity Serene versions prior to 6.7.0 StartSharp versions prior to 6.7.0 Description: An issue was discovered where password reset links sent by email contain a token that remains valid even after the password reset, allowing it to be used...

7.8 CVSS, 7.2 AI score, 0.00063 EPSS
Exploits: 1, References: 9

OSV
added 2023/04/20 7:5 p.m., 1 view

GHSA-H2PM-378C-PCXX Path traversal vulnerability in gatsby-plugin-sharp

Impact The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...

4.3 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 1, References: 5

Github Security Blog
added 2023/04/20 7:5 p.m., 26 views

Path traversal vulnerability in gatsby-plugin-sharp

Impact The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...

4.3 CVSS, 5.1 AI score, 0.00367 EPSS
Exploits: 1, References: 5, Affected Software: 1

vulnersOsv
added 2023/04/20 7:5 p.m., 2 views

@ableaura/ableui (=0.1.0), @accodeing/gatsby-theme-heimr (>=0.65.0 <=0.65.1) +873 more potentially affected by CVE-2023-30548 via gatsby-plugin-sharp (>=5.0.0 <=5.6.0)

gatsby-plugin-sharp NPM version =5.0.0, =0.65.0, =5.0.0-rc1, =2018.4.29-10, =3.0.0, =1.0.0, =1.0.13, =2.1.0, =2.0.0, =1.5.0, =3.0.0, =3.0.0, =1.0.42, =1.0.5, =0.3.0, =0.3.27-beta.0 and more Source cves: CVE-2023-30548 Source advisory: OSV:GHSA-H2PM-378C-PCXX...

4.3 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 1

vulnersOsv
added 2023/04/20 7:5 p.m., 1 view

10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +945 more potentially affected by CVE-2023-30548 via gatsby-plugin-sharp (>=1.6.41 <=4.25.0)

gatsby-plugin-sharp NPM version =1.6.41, =1.0.0, =1.0.1, =1.0.0, =0.1.13, =0.48.0, =1.0.0, =1.0.0, =1.0.10, =3.0.0, =4.7.5 - @adobe/gatsby-theme-commerce =0.0.2 and more Source cves: CVE-2023-30548 Source advisory: OSV:GHSA-H2PM-378C-PCXX...

4.3 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 1

NVD
added 2023/04/17 9:15 p.m., 16 views

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

4.3 CVSS, 4.4 AI score, 0.00367 EPSS
Exploits: 1, References: 3

Prion
added 2023/04/17 9:15 p.m., 13 views

Path traversal

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

4 CVSS, 4.4 AI score, 0.00367 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2023/04/17 8:43 p.m., 46 views

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...

4.3 CVSS, 4.4 AI score, 0.00367 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/04/17 8:43 p.m., 18 views

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

4.3 CVSS, 4.8 AI score, 0.00367 EPSS
Exploits: 1, References: 3