Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

Symfony XML decoding attack vector through external entities

The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system...

GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...

Nix 安全漏洞

Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix 2.22.1 and earlier versions that stems from mishandling certain uses of the hash cache, making it easier for an attacker to replace current source code with...

The vulnerability of the Glib library, related to buffer overflows in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of the Glib library is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2024-34360

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks by convincing a victim to visit a specially crafted Web site...

Apple macOS Sonoma 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma. An attacker exploiting the vulnerability is able to elevate privileges...

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

GHSA-JCQQ-G64V-GCM7 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...

image 安全漏洞

image is a set of Go libraries designed to handle container images and container image registries in various ways. A security vulnerability exists in image, which stems from a flaw found in the image library. An attacker exploiting this vulnerability could perform resource exhaustion, local path...

Bentley Systems Bentley View 安全漏洞

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A security vulnerability exists in Bentley View that stems from a specific flaw in the parsing of SKP files, which can be exploited by an attacker to execute code in the context of the current process...

AnythingLLM 安全漏洞

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the fact that an attacker can accept a single user invitation by sending multiple concurrent requests, thereby allowing the creation of multiple user accounts from a...

CVE-2023-44446

GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending...

When is One Vulnerability Scanner Not Enough?

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability...

edk2: Infinite loop when parsing unknown options in the Destination Options header

A security loophole involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to exploit system availability by sending a specifically crafted Destination Options IPv6 header...