Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

Apple macOS Hydra Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the Hydr...

Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

Weston Embedded uC-HTTP HTTP Server form boundary memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1738 Weston Embedded uC-HTTP HTTP Server form boundary memory corruption vulnerability November 14, 2023 CVE Number CVE-2023-28379 SUMMARY A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP...

TS Webfonts for さくらのレンタルサーバ < 3.1.3 - Font Settings Change via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

python-certifi: Removal of e-Tugra root certificate

A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector...

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts...

GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

Important: kernel-livepatch-6.1.38-59.109

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. I...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 – Confluence OGNL injection vulnerability Sc...

Information disclosure

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

CVE-2023-38546

CVE-2023-38546 affects libcurl/curl (curl_easy_duphandle path). Root cause: when duplicating an easy handle with cookies enabled, the cookie state is cloned without cookies; if source hadn’t loaded cookies from disk, the clone may load cookies from a file named none in the program’s CWD, enabling...

Apollo Router Code Issue Vulnerability

Apollo Router is a configurable, high-performance graphical router written in Rust. A code issue vulnerability exists in Apollo Router. An attacker could use this vulnerability to cause the router to panic and terminate when sending a multi-part response...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach weve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Serve...

PT-2023-28944 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription1name parameter,...

Neos CMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...

GHSA-6QJF-7G3J-QX25 Neos CMS Cross Site Scripting vulnerability

Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...

CVE-2023-4785

A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms for example, Linux, allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++,...