
31229 matches found

OSV
added 2024/08/21 7:15 a.m. | 1 view

UBUNTU-CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation. The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...

7.8 CVSS | 5.9 AI score | 0.00248 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2024/08/21 3:36 a.m. | 48 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.28 packages and security update

Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...

5.9 CVSS | 7 AI score | 0.93305 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2024/08/21 12:0 a.m. | 10 views

TeamViewer Installed (Linux)

Binary data teamviewerlinuxinstalled.nbin...

7.3 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/08/21 12:0 a.m. | 6 views

ZenML Detection

Binary data pythonzenmldetect.nbin...

7.3 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/08/20 12:0 a.m. | 4 views

Johnson Controls ExacqVision Web Server Installed (Linux)

Binary data johnsoncontrolsexacqvisionwebservernixinstalled.nbin...

7.3 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/08/20 12:0 a.m. | 7 views

Acronis Cyber Infrastructure Service Detection

Binary data acroniscyberinfrastructureservicedetect.nbin...

7.3 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/08/20 12:0 a.m. | 67 views

Apache OFBiz Path Traversal (CVE-2024-32113)

Binary data apacheofbizcve-2024-32113.nbin...

9.8 CVSS | 9.8 AI score | 0.99442 EPSS
Exploits: 7 | References: 2

Github Security Blog
added 2024/08/19 5:29 p.m. | 26 views

Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Summary: Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the...

9.8 CVSS | 6.7 AI score | 0.00902 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/08/19 4:15 p.m. | 3 views

CVE-2024-42633

A Command Injection vulnerability exists in the doupgradepost function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges...

8.8 CVSS | 5.8 AI score | 0.02078 EPSS
Exploits: 1 | References: 1

OSV
added 2024/08/19 4:2 p.m. | 5 views

GHSA-XMRP-424F-VFPX SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...

8.4 AI score
Exploits: 0 | References: 4

Github Security Blog
added 2024/08/19 4:2 p.m. | 15 views

SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...

8.4 AI score
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2024/08/19 12:0 a.m. | 5 views

GeoSolutionsGroup Jai-Ext Installed Packages (Linux / Unix)

Binary data geosolutionsjaiextnixinstalled.nbin...

7.3 AI score
Exploits: 0 | References: 1

Cvelist
added 2024/08/19 12:0 a.m. | 13 views

CVE-2024-42633

A Command Injection vulnerability exists in the doupgradepost function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges...

0.02078 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2024/08/17 9:15 a.m. | 22 views

CVE-2024-42265

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions. Both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for t...

5.5 CVSS | 6.5 AI score | 0.00281 EPSS
Exploits: 0 | References: 26

CVE
added 2024/08/16 12:0 a.m. | 53 views

CVE-2024-42634

CVE-2024-42634 affects the Tenda AC9 router running v15.03.06.42. The vulnerability lies in the httpd binary’s function formWriteFacMac, enabling a command injection that allows an attacker to execute OS commands with root privileges. Impact is stated as full compromise of the device with root a...

9.8 CVSS | 7.7 AI score | 0.02208 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/08/16 12:0 a.m. | 6 views

Schneider Electric Accutech Manager Buffer Overflow

Binary data scadaschneiderelectricaccutechmanager2100.nbin...

7.5 CVSS | 7.3 AI score | 0.00484 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/15 10:15 p.m. | 4 views

CVE-2024-34740

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 6.1 AI score | 0.00147 EPSS
Exploits: 1 | References: 3

RedHat Linux
added 2024/08/15 8:7 p.m. | 1 view

org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...

7.5 CVSS | 7.3 AI score | 0.011 EPSS
Exploits: 0 | References: 4

RustSec
added 2024/08/15 12:0 p.m. | 7 views

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...

8.4 AI score
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/08/15 12:0 a.m. | 6 views

H2O Detection

Binary data pythonh2odetect.nbin...

7.3 AI score
Exploits: 0 | References: 1