Velocidex Velociraptor has an off-by-one error

An off-by-one error CWE-193 in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service DoS via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...

Amazon pays $2.5B settlement over deceptive Prime subscriptions

Another day, another settlement. Amazon has settled a lawsuit filed by the Federal Trade Commission FTC over misleading customers who signed up for Amazon Prime—though it claims it did nothing wrong. The FTC alleged that Amazon used deceptive methods to sign up consumers for Prime subscriptions—a...

RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers

...

Malicious code in service-content-consumers (npm)

The package service-content-consumers was found to contain malicious code...

MAL-2025-33010 Malicious code in service-content-consumers (npm)

The package service-content-consumers was found to contain malicious code...

Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management

Cloud Forensics presents a multi-jurisdictional challenge that may undermines the success of digital forensic investigations DFIs. The growing volumes of domiciled and foreign law enforcement LE requests, the latency and complexity of formal channels for crossborder data access are challenging...

CVE-2022-28133

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create BitBucket Server consumers...

CVE-2021-39911

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...

CVE-2025-1470 Eclipse OMR: Null pointer dereference vulnerability

In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning i...

SUSE CVE-2024-40975

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the...

CVE-2022-48813

CVE-2022-48813 concerns the Linux kernel’s DSA Felix support. The advisory notes that using devres for the MDIO bus caused mdiobus_free() to panic when freed via devm_mdiobus_free(), unless the bus was unregistered first. For the Felix VSC9959 switch (PCI device), the recommended remediation is t...

GHSA-Q64H-39HV-4CF7 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository’s HEAD reference of its default branch by passing arguments to the Git binary on the host...

PT-2024-2614 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.7.1 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to...

[SECURITY] Fedora 40 Update: apiguardian-1.1.2-12.fc40

API Guardian indicates the status of an API element and therefore its level of stability as well. It is used to annotate public types, methods, constructors, and fields within a framework or application in order to publish their API status and level of stability and to indicate how they are...

BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

DEBIAN-CVE-2021-47067

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is out of range due to a bug in the code. The max-spread requirement shall be accounted when C...

Albabat Ransomware Infiltrates via Counter-Strike Cheat Utility

Summary: Albabat ransomware, made its debut in November 2023, emerging as a financially motivated threat crafted in Rust. This ransomware has targeted both corporate entities and individual consumers across diverse geographical regions. Threat Level - Red | Attack Report For a detailed threat...

CVE-2023-50714 The Oauth2 PKCE implementation is vulnerable

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...

CVE-2023-50714 The Oauth2 PKCE implementation is vulnerable

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...