Lucene search

3631 matches found

Schneier on Security
added 2024/06/03 11:06 a.m., 14 views

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don...

AI score: 6.9
Exploits: 0
Tenable Nessus
added 2024/06/03 12:00 a.m., 18 views

RHEL 8 : ceph (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lapack: Out-of-bounds read in larrv CVE-2021-4048 - Beginning in v1.4.1 and prior to v1.4.9, due to an...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.0262
Exploits: 2 | References: 4
Tenable Nessus
added 2024/06/03 12:00 a.m., 50 views

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods,...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.99995
Exploits: 1 | References: 7
Veracode
added 2024/05/31 5:28 a.m., 142 views

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity within the micromatch.braces method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.01429
Exploits: 1 | References: 9 | Affected Software: 2
NVD
added 2024/05/17 12:15 p.m., 13 views

CVE-2024-5044

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

CVSS: 8.1 | AI score: 4.2 | EPSS: 0.00959
Exploits: 1 | References: 4
OSV
added 2024/05/17 12:15 p.m., 3 views

CVE-2024-5044

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

CVSS: 8.1 | AI score: 6.6
Exploits: 0 | References: 4
Cvelist
added 2024/05/17 11:31 a.m., 20 views

CVE-2024-5044 Emlog Pro Cookie improper authentication

A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The complexity of an...

CVSS: 6.3 | AI score: 4.2 | EPSS: 0.00959
Exploits: 1 | References: 4
GitHub Security Blog
added 2024/05/07 6:30 p.m., 29 views

Kimai information disclosure vulnerability

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...

CVSS: 6.5 | AI score: 4.1 | EPSS: 0.0079
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2024/05/07 3:31 p.m., 100 views

CVE-2024-4596

CVE-2024-4596 affects Kimai up to 2.15.0, with information disclosure via manipulation of PHPSESSIONID in the Session Handler. The issue may be exploited remotely; attack complexity is reported as high and exploitation is considered difficult. Upgrading to Kimai 2.16.0 addresses the vulnerability...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.0079
Exploits: 0 | References: 4 | Affected Software: 1
ICS
added 2024/05/07 6:00 a.m., 30 views

SUBNET Substation Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Subnet Solutions Inc. Equipment : Substation Server Vulnerabilities : Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by...

CVSS: 8.6 | AI score: 8.9 | EPSS: 0.00209
Exploits: 0 | References: 10
Cvelist
added 2024/04/26 6:04 p.m., 29 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS: 6.4 | AI score: 7 | EPSS: 0.00514
Exploits: 0 | References: 2
NVD
added 2024/04/23 7:15 p.m., 10 views

CVE-2024-4062

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS: 3.7 | AI score: 4.1 | EPSS: 0.00353
Exploits: 0 | References: 4
NVD
added 2024/04/23 7:15 p.m., 11 views

CVE-2024-4063

A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity ...

CVSS: 3.7 | AI score: 4.2 | EPSS: 0.00338
Exploits: 0 | References: 4
Vulnrichment
added 2024/04/23 6:31 p.m., 11 views

CVE-2024-4063 EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation

A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity ...

CVSS: 3.7 | AI score: 4.2 | EPSS: 0.00338
Exploits: 0 | References: 4
CVE
added 2024/04/23 6:31 p.m., 61 views

CVE-2024-4063

CVE-2024-4063 affects EZVIZ CS-C6-21WFR-8 running version 5.2.7 Build 170628, with the Davinci Application component showing improper certificate validation. The vulnerability enables remote initiation of an attack, though attack complexity is described as high and exploitability as difficult. Th...

CVSS: 3.7 | AI score: 6.7 | EPSS: 0.00338
Exploits: 0 | References: 4
Cvelist
added 2024/04/23 6:31 p.m., 22 views

CVE-2024-4062 Hualai Xiaofang iSC5 certificate validation

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS: 3.7 | AI score: 4.5 | EPSS: 0.00353
Exploits: 0 | References: 4
Vulnrichment
added 2024/04/23 6:31 p.m., 20 views

CVE-2024-4062 Hualai Xiaofang iSC5 certificate validation

A vulnerability was found in Hualai Xiaofang iSC5 3.2.2112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS: 3.7 | AI score: 6.8 | EPSS: 0.00353
Exploits: 0 | References: 4
NVD
added 2024/04/16 9:15 a.m., 17 views

CVE-2024-3872

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link...

CVSS: 6.5 | AI score: 4.1 | EPSS: 0.00464
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/16 9:05 a.m., 11 views

CVE-2024-3872

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link...

CVSS: 3.1 | AI score: 7.1 | EPSS: 0.00464
Exploits: 0 | References: 1
CVE
added 2024/04/16 9:05 a.m., 66 views

CVE-2024-3872

Mattermost Mobile app versions 2.13.0 and earlier are affected by a vulnerability in the deep-link parsing logic, where a regular expression with polynomial complexity can be exploited by an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link. The issue ...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00464
Exploits: 0 | References: 1 | Affected Software: 1