188 matches found

UbuntuCve
added 2024/06/03 3:15 p.m., 15 views

CVE-2024-36124

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 6.8 AI score | 0.00487 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/03 2:25 p.m., 17 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 7.2 AI score | 0.00487 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/06/03 2:25 p.m., 29 views

CVE-2024-36124 iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash

iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar securi...

5.3 CVSS | 5.2 AI score | 0.00487 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/07 9:2 p.m., 15 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

8.4 CVSS | 7 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/05/07 9:2 p.m., 35 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

8.4 CVSS | 8.6 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

HackRead
added 2024/05/06 12:40 p.m., 15 views

Critical Cybersecurity Loopholes Found in Paris 2024 Olympics Infrastructure

By Deeba Ahmed. Paris 2024 Olympics face cybersecurity threats. Outpost24 analysis reveals open ports, SSL misconfigurations, and more. Can the organizers secure the Games in time? Read for critical insights and potential consequences. This is a post from HackRead.com. Read the original post:...

7.3 AI score
Exploits: 0

The Hacker News
added 2024/05/06 11:0 a.m., 11 views

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like y...

7.1 AI score
Exploits: 0

Talos Blog
added 2024/04/18 6:0 p.m., 24 views

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things that...

7.8 AI score
Exploits: 0

HackRead
added 2024/04/10 4:44 p.m., 19 views

Match Systems report on consequences of CBDC implementation, led by CEO Andrei Kutin

By Cyber Newswire. Match Systems, a leading authority in crypto crimes investigations and crypto AML solutions provider, has published a comprehensive… This is a post from HackRead.com. Read the original post: Match Systems report on consequences of CBDC implementation, led by CEO Andrei Kutin...

7.3 AI score
Exploits: 0

OSV
added 2024/03/13 4:15 p.m., 2 views

CVE-2024-1772

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...

8.8 CVSS | 6 AI score | 0.0099 EPSS
Exploits: 0 | References: 2

Hacker One
added 2024/03/02 5:17 p.m., 36 views

Doppler: Github app(link) Takeover Listed on "https://docs.doppler.com/docs/github-actions" page

A GitHub app presented on a Doppler documentation page was vulnerable to takeover, enabling attackers to achieve malicious objectives. The app link has since been removed or replaced to mitigate this vulnerability...

7 AI score
Exploits: 0

Schneier on Security
added 2024/02/29 12:0 p.m., 17 views

How the “Frontier” Became the Slogan of Uncontrolled AI

Artificial intelligence (AI) has been billed as the next frontier of humanity: the newly available expanse whose exploration will drive the next era of growth, wealth, and human flourishing. It's a scary metaphor. Throughout American history, the drive for expansion and the very concept of terrain u...

6.8 AI score
Exploits: 0

NVD
added 2024/02/06 1:15 a.m., 19 views

CVE-2023-47889

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

7.8 CVSS | 7.5 AI score | 0.00274 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2024/01/11 12:0 a.m., 37 views

FreeBSD : OpenSSL -- Vector register corruption on PowerPC (8337251b-b07b-11ee-b0d7-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8337251b-b07b-11ee-b0d7-84a93843eb75 advisory. - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might...

6.5 CVSS | 6.9 AI score | 0.02323 EPSS
Exploits: 0 | References: 3

GithubExploit
added 2024/01/02 8:41 a.m., 295 views

Exploit for Cross-site Scripting in Phpgurukul Hospital_Management_System

CVE-2023-7173: Stored Cross-Site Scripting (XSS) in Hospital M...

7.5 CVSS | 5.5 AI score | 0.0146 EPSS
Exploits: 4

GithubExploit
added 2023/12/28 4:24 a.m., 429 views

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

This tool is intended for security testing purposes only. Do not...

8.8 CVSS | 8.4 AI score | 0.95302 EPSS
Exploits: 7

GithubExploit
added 2023/12/25 9:50 a.m., 674 views

Exploit for Cross-site Scripting in Modcluster Mod_Proxy_Cluster

CVE-2023-6710 Exploit POC Explore the depths of CVE-2023-6710...

5.4 CVSS | 6.4 AI score | 0.02242 EPSS
Exploits: 5

Code423n4
added 2023/12/05 12:0 a.m., 4 views

Some functions that call Exchange.getMarkPrice function do not check if Exchange.getMarkPrice function's returned markPrice is 0

Vulnerability details. Impact: The following Exchange.getMarkPrice function uses pool.baseAssetPrice's returned baseAssetPrice, which is spotPrice returned by perpMarket.assetPrice, to calculate and return the markPrice. When such spotPrice is 0, this function...

7 AI score
Exploits: 0

Code423n4
added 2023/10/25 12:0 a.m., 6 views

[M-08] Mitigation error: withdrawStuckTokens() breaks trackedCvxBalance

Vulnerability details. Impact: withdrawStuckTokens may incorrectly reduce trackedCvxBalance, which breaks the balance accounting. Proof of Concept: function withdrawStuckTokens(address token) public onlyOwner { uint256 tokenBalance = IERC20(token).balanceOf(address(this)); if (token == CVXADDRESS...

6.9 AI score
Exploits: 0

NVD
added 2023/10/21 8:15 a.m., 20 views

CVE-2023-4939

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...

5.3 CVSS | 5.5 AI score | 0.00513 EPSS
Exploits: 0 | References: 4