
5318 matches found

VulnCheck KEV
added 2023/04/03 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...

7.5 CVSS · 7.1 AI score · 0.01091 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/04/03 12:0 a.m. · 3 views

Twitter Recommendation Algorithm Security Vulnerability

Twitter Recommendation Algorithm is a Twitter recommendation algorithm open-sourced by Twitter in the United States. A security vulnerability exists in Twitter Recommendation Algorithm ec83d01 and prior versions, which stems from a vulnerability that allows an attacker to cause a denial of servic...

7.5 CVSS · 7.4 AI score · 0.01091 EPSS
Exploits: 0 · References: 7
0day.today
added 2023/04/03 12:0 a.m. · 232 views

FlipRotation v1.0 decoder - Shellcode (146 bytes)

Exploit Title: FlipRotation v1.0 decoder - Shellcode 146 bytes; Exploit Author: Eduardo Silva; Date: 2022-12-31; Tested on: Linux x86_64 SMP Debian 4.19.260-1; SLAE/Student ID: PA-31319; Webpage: https://0xnibbles.github.io/; Twitter: @0xnibbles; Course: This shellcode was created for the x86 Assembly...

6.8 AI score
Exploits: 0
CVE
added 2023/04/03 12:0 a.m. · 129 views

CVE-2023-29218

CVE-2023-29218 concerns Twitter’s Recommendation Algorithm (ec83d01). The available documents describe a vulnerability where attackers can cause a denial-of-service-like effect (reduction of a target’s reputation score) by coordinating negative signals across multiple accounts (e.g., unfollowing,...

7.5 CVSS · 7.4 AI score · 0.01091 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Positive Technologies
added 2023/04/03 12:0 a.m. · 2 views

PT-2023-22211

Name of the Vulnerable Software and Affected Versions: Twitter Recommendation Algorithm through ec83d01. Description: The issue allows attackers to cause a denial of service by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing,...

7.5 CVSS · 7.4 AI score · 0.01091 EPSS
Exploits: 0 · References: 25
Cvelist
added 2023/04/03 12:0 a.m. · 20 views

CVE-2023-29218

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited...

7.7 AI score · 0.01091 EPSS
Exploits: 0 · References: 6
NVD
added 2023/03/29 7:15 p.m. · 18 views

CVE-2022-43620

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the la...

8.8 CVSS · 8.9 AI score · 0.01052 EPSS
Exploits: 0 · References: 2
Prion
added 2023/03/29 7:15 p.m. · 26 views

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the la...

5.8 CVSS · 8.8 AI score · 0.01052 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
IBM Security Bulletins
added 2023/03/29 1:48 a.m. · 46 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)

Summary: Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389). Vulnerability Details: SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the...

4.3 CVSS · 7.5 AI score · 0.73327 EPSS
Exploits: 4
CNNVD
added 2023/03/29 12:0 a.m. · 3 views

D-Link DIR-1935 Authorization Issue Vulnerability

The D-Link DIR-1935 is a wireless router from China-based AUO D-Link. The D-Link DIR-1935 suffers from an authorization issue vulnerability that stems from not properly implementing the authentication algorithm...

8.8 CVSS · 8 AI score · 0.01052 EPSS
Exploits: 0 · References: 3
Prion
added 2023/03/28 8:15 p.m. · 19 views

Authorization

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

5 CVSS · 7.7 AI score · 0.00649 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Tenable Nessus
added 2023/03/28 12:0 a.m. · 25 views

CBL Mariner 2.0 Security Update: openvswitch (CVE-2019-25076)

The version of openvswitch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-25076 advisory. - The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attacke...

5.8 CVSS · 6.5 AI score · 0.0177 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2023/03/28 12:0 a.m. · 82 views

RHEL 7 : Red Hat Gluster Storage web-admin-build (RHSA-2023:1486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1486 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python...

10 CVSS · 8 AI score · 0.03949 EPSS
Exploits: 2 · References: 12
OSV
added 2023/03/27 8:43 p.m. · 28 views

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7 CVSS · 6.4 AI score · 0.00549 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-3584 · Libssh +10

Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. The vulnerability is relat...

9.3 CVSS · 6.6 AI score · 0.93305 EPSS
Exploits: 7 · References: 118
RedhatCVE
added 2023/03/24 1:7 p.m. · 36 views

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

5.3 CVSS · 7.1 AI score · 0.00957 EPSS
Exploits: 0 · References: 5
OSV
added 2023/03/22 9:23 p.m. · 26 views

GHSA-5MQJ-XC49-246P crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

Our use of flate.NewReader does not limit the size of the input. The user could pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possib...

7.5 CVSS · 6 AI score · 0.00957 EPSS
Exploits: 0 · References: 4
Prion
added 2023/03/22 8:15 p.m. · 23 views

Design/Logic Flaw

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

5 CVSS · 7.2 AI score · 0.00957 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
UbuntuCve
added 2023/03/22 8:15 p.m. · 24 views

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5 CVSS · 6.8 AI score · 0.00957 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2023/03/22 7:51 p.m. · 11 views

CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5 CVSS · 7.2 AI score · 0.00957 EPSS
Exploits: 0 · References: 2