SUSE CVE-2019-1010204
GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vector is: An ELF file with an...
SUSE CVE-2021-29527
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...
SUSE CVE-2022-39426
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful...
New ESXiArgs encryption routine outmaneuvers recovery methods
In what seems to be a typical arms race, where one side responds to counter the progress the other side has made, the ransomware group behind the massive attack on ESXi virtual machines (VMs) has come up with a new variant that can no longer be decrypted with the recovery script released by the...
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Malicious code in beatuifulsoup (PyPI)
Source: checkmarx 72ba369b5a85adbffd6e9f932e5386dfc0589fb06d1df90d9a67ac8b6ae723a9. Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
Malicious code in pyagme (PyPI)
Source: checkmarx a9006373fe83e8c38a485abef06917a70996e85da2b5f4b697ae539ffc1f0075. Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
CVE-2022-44570
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with...
CVE-2022-44572
A denial of service vulnerability in the multipart parsing component of Rack, fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1, could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of servi...
Malicious code in ccx (PyPI)
Source: checkmarx 4b65e79327daa2cc5ec5b36d4f94dde43607d8cb595f276122659ef69d86a25a. Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
CVE-2022-44571
CVE-2022-44571 describes a denial-of-service in Rack’s Content-Disposition parsing, impacting applications that parse multipart posts (virtually all Rails apps). The issue can be triggered by crafted input causing extended parsing time. Fixed in Rack versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0....
Future-Depth Institutional Management Website Code Issue Vulnerability
Future-Depth Institutional Management Website is a user-friendly institutional website from the individual developers at Future-Depth that offers various types of courses for students. A security vulnerability exists in Future-Depth Institutional Management Website IMS version 1.0. An attacker...
Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...
Open redirect
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...
CVE-2022-44717
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
CVE-2023-0284
CVE-2023-0284 affects Checkmk with improper input validation of LDAP user IDs. Affected: Checkmk <= 2.1.0p19, Checkmk
Updated viewvc packages fix security vulnerability
ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names that, when...
CVE-2022-4443 BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...