188 matches found
ROS-20231109-01
Go programming language vulnerability is related to insecure external control of critical state data state when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, escalate their privileges and gain access to read, modify, or...
Who's Experimenting with AI Tools in Your Organization?
With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee. From a productivity perspective, that's fantastic. Unfortunately for IT and...
`envlogger` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...
Intel® PCSD BIOS Advisory
Summary: A potential security vulnerability in some Intel® Product Collaboration and Systems Division PCSD system BIOS may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-34657 Description: Improper...
GHSA-C24F-2J3G-RG48 kaml has potential denial of service while parsing input with anchors and aliases
Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds None. References Wikipedia has an explanation ...
Security Bulletin: TADDM Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
Intel® Connect M Android App Advisory
Summary: A potential security vulnerability in the Intel® Connect Mobile Connect M Android application may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-44470 Description: Incorrect default...
Adobe: Reflected Cross site scripting via Swagger UI
The security researcher responsibly disclosed a Reflected XSS to Adobe. We appreciate the collaboration and we're proceeding to include his name in our Acknowledgement page...
GHSA-M98G-63QJ-FP8J Reflected XSS on clients-registrations endpoint
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts into the user's browser. Acknowledgement...
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
Siemens Nucleus 缓冲区错误漏洞
Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...
GHSA-HGC3-HP6X-WPGX Antilles Dependency Confusion Vulnerability
Potential Impact: Remote code execution. Scope of Impact: Open-source project specific. Summary Description: A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a packag...
GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import
| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration
Trovent Security Advisory 2104-01 User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...
DEBIAN-CVE-2020-13529
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server...
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...
GHSA-27FJ-MC8W-J9WG RSA signature validation vulnerability on maleable encoded message in jsrsasign
Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...
CITSmart ITSM 9.1.2.22 - LDAP Injection
Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection Google Dork: "citsmart.local" Date: 29/12/2020 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.23 Using this LDAP query in the usernam...
ALPINE-CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...
ALSA-2021:0735 Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.24.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...