Missing Critical Step in Authentication

Overview Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to improper enforcement of security constraints on PKCS11-hosted private keys. An attacker can bypass intended security restrictions by exploiting the issue where only the first key is...

CVE-2023-47757

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects...

August 8, 2023—KB5029308 (Security-only update)

August 8, 2023—KB5029308 Security-only update IMPORTANT Windows Server 2012 end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will continu...

August 8, 2023—KB5029242 (OS Build 14393.6167) - EXPIRED

August 8, 2023—KB5029242 OS Build 14393.6167 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

May 9, 2023—KB5026427 (Security-only update)

May 9, 2023—KB5026427 Security-only update IMPORTANT As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows Server 2008 SP2. For customers who need additional time to upgrade and modernize their Windows Server 2008 SP2 on Azure, we offer one...

PT-2023-12819 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to information disclosure in the modem, caused by improper input validation during the parsing of upcoming CoAP messages. Recommendations: At the moment, there is no...

PT-2023-12817 · Qualcomm · 9205 Lte Modem Firmware +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue is related to memory corruption in a modem, caused by improper input validation when handling incoming CoAP messages. Recommendations: At the moment, there is no information...

PT-2023-13238 · Qualcomm · 9205 Lte Modem Firmware +18

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to memory corruption in a modem. This occurs due to an improper check while calculating the size of a serialized CoAP message, leading to potential exploitation...

SUSE CVE-2014-8171

The memory resource controller aka memcg in the Linux kernel allows local users to cause a denial of service deadlock by spawning new processes within a memory-constrained cgroup...

CVE-2023-0574

Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

The U.S. National Institute of Standards and Technology NIST has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and...

Privilege Escalation

samba is vulnerable to Privilege Escalation. The vulnerability exists because the service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with...

Samba Multiple Vulnerabilities (Dec 2022)

Samba is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...

AlmaLinux 8 : nodejs:14 (ALSA-2022:7830)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7830 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-44532...

Design/Logic Flaw

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...

Microsoft Azure Real Time Operating System 安全漏洞

Microsoft Azure Real Time Operating System Azure RTOS is an embedded development kit from Microsoft Corporation USA that includes a small but powerful operating system that delivers reliable, ultra-fast performance for resource-constrained devices. A security vulnerability exists in the Microsoft...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

Constrained environment breakout. .NET Assembly exfiltration via Internet Options

It’s not uncommon for developers to find that they need to help their end users. For starter, the business requirements for software can be highly convoluted and technical. Working with banking systems, insurance firms, actuarial services etc, most developers aren’t going to understand the proces...