K31130692: GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606

Security Advisory Description CVE-2016-8605 The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode...

CVE-2023-0616

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

Juicer < 1.11 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC juicer name='" onmouseover=alert/XSS/...

Siemens JT Open Toolkit Stack Buffer Overflow Vulnerability

Siemens JT Open Toolkit Siemens JTTK is a C++ application programming interface API from Siemens, Germany. It provides support for 64-bit application development on Microsoft Windows, Linux and MacOS. Siemens JT Open Toolkit suffers from a stack buffer overflow vulnerability that can be exploited...

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to Denial of Service DoS. The vulnerability exists because the onUntarJSON function in importer.go does not properly limit the number of bytes read for specific files when importing an OCI image, allowing an attacker to cause an application crash...

Denial Of Service (DoS)

curl is vulnerable to Denial of Service DoS. The vulnerability occurs because curl caps chained HTTP compression algorithms on per header basis. This allows an attacker to insert a virtually unlimited number of compression steps simply by using many headers leading to a crash...

Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM FlashSystem models 840 and 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM® FlashSystem™ 840 and IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

RewardThrottle.populateFromPreviousThrottle may be exposed to front-run attack

Lines of code Vulnerability details Impact RewardThrottle.populateFromPreviousThrottle allows ADMINROLE to use epochData from previousThrottle to populate state from activeEpoch to epoch in current RewardThrottle. function populateFromPreviousThrottleaddress previousThrottle, uint256 epoch extern...

Siemens Tecnomatix Plant Simulation Uninitialized Pointer Vulnerability

Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, integrated modeling and simulation tool. An uninitialized pointer access vulnerability exists in Siemens Tecnomatix Plant Simulation. An attacker could use this vulnerability to execute code in the context of the current proces...

LS ELECTRIC XBC-DN32U Access Control Error Vulnerability (CNVD-2023-21677)

The LS ELECTRIC XBC-DN32U is a PLC programmable logic controller from LS ELECTRIC in Korea. An Access Control Error vulnerability exists in the LS ELECTRIC XBC-DN32U version 01.80. The vulnerability stems from the device's inability to properly control access to the PLC via its internal XGT...

K000132635: OpenSSL vulnerability CVE-2022-4450

Security Advisory Description The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers...

GO-2023-1568 Path traversal on Windows in path/filepath

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...

CVE-2022-29054

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...

Atrocore 1.5.25 Shell Upload Exploit

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...

GO-2023-1566 Cross site scripting in github.com/usememos/memos

A malicious actor can introduce links starting with a "javascript:" scheme due to insufficient checks on external resources. This can be used as a part of Cross-site Scripting XSS attack...

Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions

Synopsys Coverity Plugin 3.0.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anothe...

Magecart Attack Disguised as Google Tag Manager

Magecart skimmers constantly evolve. Recent attacks aimed at stealing sensitive customer information illustrate the need for comprehensive security solutions...

CVE-2023-0361

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

SUSE CVE-2012-2143

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

SUSE CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddxdeserialize call, as...