Lucene search

7400 matches found

Cvelist
added 2024/05/13 10:4 a.m. | 67 views

CVE-2024-4067 Regular Expression Denial of Service in micromatch

The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...

5.3 CVSS | 5.4 AI score | 0.00171 EPSS
Exploits 1 | References 5
The Hacker News
added 2024/05/13 6:18 a.m. | 23 views

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo. The package employing this...

7.3 AI score
Exploits 0
The Hacker News
added 2024/05/08 10:58 a.m. | 14 views

The Fundamentals of Cloud Security Stress Testing

"Defenders think in lists, attackers think in graphs," said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to...

7.4 AI score
Exploits 0
NVD
added 2024/05/03 3:15 p.m. | 13 views

CVE-2022-48688

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one host...

5.5 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits 0 | References 6
NVD
added 2024/05/03 3:15 p.m. | 17 views

CVE-2022-48674

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

7.8 CVSS | 7.5 AI score | 0.00016 EPSS
Exploits 0 | References 3
UbuntuCve
added 2024/05/03 3:15 p.m. | 17 views

CVE-2022-48674

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

7.8 CVSS | 6.3 AI score | 0.00016 EPSS
Exploits 0 | References 11
Cvelist
added 2024/05/03 2:51 p.m. | 24 views

CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

7.7 AI score | 0.00016 EPSS
Exploits 0 | References 3
OSV
added 2024/05/03 2:51 p.m. | 16 views

CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

6.2 CVSS | 6.1 AI score | 0.00016 EPSS
Exploits 0 | References 6
Debian CVE
added 2024/05/03 2:51 p.m. | 22 views

CVE-2022-48674

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

7.8 CVSS | 7.7 AI score | 0.00016 EPSS
Exploits 0
Vulnrichment
added 2024/05/03 2:51 p.m. | 19 views

CVE-2022-48674 erofs: fix pcluster use-after-free on UP platforms

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

6.9 AI score | 0.00016 EPSS
Exploits 0 | References 3
CVE
added 2024/05/03 2:51 p.m. | 116 views

CVE-2022-48674

CVE-2022-48674 - erofs use-after-free on UP platforms: Linux kernel patch fixes a race in erofs where erofs_workgroup_unfreeze() doesn’t reset orig_val, allowing a pcluster to be reused after free. This leads to a use-after-free in paths such as z_erofs_do_read_page/z_erofs_readahead under stres...

7.8 CVSS | 6.8 AI score | 0.00016 EPSS
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2024/05/03 12:0 a.m. | 10 views

Fedora 40 : stalld (2024-d198253c42)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d198253c42 advisory. address issues found in Static Application Security testing Fix a service startup issue Fix file open issue when kernel lockdown is in effect Tenable has...

5.6 AI score
Exploits 0 | References 1
GithubExploit
added 2024/05/02 2:17 a.m. | 970 views

Exploit for Use After Free in Arm 5Th_Gen_Gpu_Architecture_Kernel_Driver

Exploit for CVE-2023-6241 The write up can be found hereh...

7.8 CVSS | 7.9 AI score | 0.12412 EPSS
Exploits 2
OSV
added 2024/05/01 1:15 p.m. | 0 views

UBUNTU-CVE-2024-27036

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix writeback data corruption cifs writeback doesn't correctly handle the case where cifs_extend_writeback hits a point where it is considering an additional folio, but this would overrun the wsize - at which point it drops o...

7.8 CVSS | 6.2 AI score | 0.00019 EPSS
Exploits 0 | References 12
Cvelist
added 2024/05/01 12:53 p.m. | 22 views

CVE-2024-27036 cifs: Fix writeback data corruption

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix writeback data corruption cifs writeback doesn't correctly handle the case where cifs_extend_writeback hits a point where it is considering an additional folio, but this would overrun the wsize - at which point it drops o...

6.8 AI score | 0.00019 EPSS
Exploits 0 | References 4
CVE
added 2024/04/30 10:25 p.m. | 52 views

CVE-2024-32970

CVE-2024-32970 affects the Phlex Ruby framework. The XSS vulnerability arises from how user-provided input is rendered into HTML attributes (e.g., href or dynamic attribute names/values), allowing JavaScript execution in some contexts. Vulnerable details and remediation are documented across mult...

7.1 CVSS | 6.5 AI score | 0.00283 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2024/04/26 12:0 a.m. | 59 views

CentOS 9 : kernel-5.14.0-437.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-437.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below...

5.5 CVSS | 6 AI score | 0.00007 EPSS
Exploits 1 | References 3
NVD
added 2024/04/25 5:15 p.m. | 14 views

CVE-2024-32467

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...

6.5 CVSS | 5.4 AI score | 0.0007 EPSS
Exploits 1 | References 1
vulnersOsv
added 2024/04/24 5:37 p.m. | 0 views

abstract-account-factory (>=0.13.0 <=0.16.1), abstract-adapter-utils (>=0.16.0 <=0.19.2) +415 more potentially affected by CVE-2024-58263 via cosmwasm-std (=1.3.4)

cosmwasm-std CARGO version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on cosmwasm-std and may be impacted: - abstract-account-factory =0.13.0, =0.16.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0-beta.4, =0.2.0-beta.4, =0.13.0, =0.16.5, =0.2.0-beta.4,...

5.3 CVSS | 5.4 AI score | 0.0024 EPSS
Exploits 1
Qualys Blog
added 2024/04/22 4:11 p.m. | 28 views

Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security

Small and medium-sized businesses have increasingly become reliant on web applications - whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...

7.4 AI score
Exploits 0