harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks

A vulnerability was found HarfBuzz. This flaw allows attackers to trigger On^2 growth via consecutive marks during the process of looking back for base glyphs when attaching marks...

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

Summary Unauthenticated HTML Injection / XSS Possible. Conditions: 2factor authentication must not set before Vulnerable Endpoint: /admin/login/2fa-setup Vulnerable Param: error= How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack,...

IBM DB2 Code Execution Vulnerability (CNVD-2023-58518)

IBM DB2 is a relational database management system from International Business Machines IBM. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from a code execution vulnerability that originates from an unchecked logger...

First liquidity provider can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept The attack vector and impact is that users may not receive shares...

CVE-2023-23546

A misconfiguration vulnerability exists in the urvpnclient functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC aud...

GHSA-W24W-WP77-QFFM CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

CVE-2023-34472

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity...

Lenovo XClarity Administrator 操作系统命令注入漏洞

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A command injection vulnerability exists in Lenovo XClarity Administrator, which...

jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin

A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...

VMware vCenter Server 缓冲区错误漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

tryCatchLimit can forward less than the specified gasLimit due to how CALL* opcode forward gas

Lines of code Vulnerability details Description To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The problem relays on the fact that we cannot be sure th...

The vulnerability of the Microsoft Power Apps development environment, related to errors in the user interface’s information representation, allows attackers to perform spear-phishing attacks.

The vulnerability of the Microsoft Power Apps development environment is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVE-2023-2847

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied th...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by an attacker to cause local information to be disclosed without additional execute privileges...

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS capabilities and leading performance of the Power Systems platform. An information disclosure...

(0Day) Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

Vapor's Metrics integration could cause a system drain

This is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app with the following attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create “unlimited” counters and timers, which will eventually drain the system. 2...

UBUNTU-CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...