2428 matches found
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in an HTTP request header. Ultimately, this access tok...
RHEL 8 : kibana (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-set-value: prototype pollution in function set-value CVE-2019-10747 - mixin-deep is vulnerable to...
PT-2024-14074 · Kakao · Kakaotalk
Name of the Vulnerable Software and Affected Versions: KakaoTalk version 10.4.3 Description: A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leak...
RHEL 7 : screen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - screen: Stack overflow due to deep recursion causing process freeze CVE-2015-6806 Note that Nessus has not tested f...
Report: The Dark Side of Phishing Protection
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks ar...
Friday Squid Blogging: Dana Squid Attacking Camera
Fantastic footage of a Dana squid attacking a camera at a depth of about a kilometer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The issue is caused by a Java StackOverflowError triggered by a significant depth of nested objects, resulting in a denial of service...
PT-2024-20341 · Unknown · @Blackprint/Engine
Name of the Vulnerable Software and Affected Versions: @blackprint/engine versions 0.8.12 through 0.9.1 Description: A Prototype Pollution issue allows an attacker to execute arbitrary code via the utils.setDeepProperty function of engine.min.js. This issue enables the execution of arbitrary code...
Blackprint Security Vulnerability
Blackprint is a visual programming interface from Blackprint Open Source. A security vulnerability exists in Blackprint version 0.9.0: a Prototype Pollution issue allows attackers to execute arbitrary code via the utils.setDeepProperty function of engine.min.js...
PT-2024-40775 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ crash occurred, involving the functions check_content_type_and_change_protocol, process_request, and ndpi_check_http_tcp...
RHEL 8 : nodejs-mixin-deep (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 Note that Nessus has not tested for th...
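The set-value, mixin-deep and Blackprint utils.setDeepProperty entries above all describe the same class of bug: a "deep" property setter that walks an attacker-controlled key path and lands on Object.prototype. The following is an added example, not code from set-value, mixin-deep, Blackprint or any of the advisories listed here. It shows a naive setter of that shape beside a hardened one; the function names and the attacker path `__proto__.isAdmin` are constructed for illustration.

```javascript
// Vulnerable shape: follow a dotted path, creating intermediate objects as needed,
// with no filtering of the keys. On a plain object, cur['__proto__'] is
// Object.prototype, so the final assignment writes to every object in the process.
function setDeepPropertyUnsafe(target, path, value) {
  const keys = Array.isArray(path) ? path : String(path).split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === null || typeof cur[k] !== 'object') cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Keys that reach the prototype chain from any ordinary object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened shape: reject prototype-chain keys up front, and only descend into
// properties the current object owns (never into inherited ones).
function setDeepPropertySafe(target, path, value) {
  const keys = Array.isArray(path) ? path : String(path).split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new TypeError(`refusing to set prototype-chain key: ${k}`);
    }
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== 'object') cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Constructed attacker input: the path names __proto__ as an intermediate key.
const ATTACKER_PATH = '__proto__.isAdmin';

// Runs the unsafe setter on an empty object and reports whether an unrelated
// object picked up the injected property. Cleans Object.prototype afterwards.
function demonstratePollution() {
  const victim = {};
  setDeepPropertyUnsafe(victim, ATTACKER_PATH, true);
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution so nothing else is affected
  return polluted;
}

// Runs the hardened setter: the attacker path is rejected, ordinary paths still
// work, and no unrelated object gains the property.
function demonstrateHardened() {
  const victim = {};
  let rejected = false;
  try {
    setDeepPropertySafe(victim, ATTACKER_PATH, true);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  setDeepPropertySafe(victim, 'config.nested.flag', 1);
  const unrelated = {};
  return rejected && victim.config.nested.flag === 1 && unrelated.isAdmin === undefined;
}

console.log('unsafe setter polluted Object.prototype:', demonstratePollution());
console.log('hardened setter rejected path and kept working:', demonstrateHardened());
```

The same path-walking logic appears in merge helpers fed with parsed JSON, where `{"__proto__": {...}}` arrives as an own property of the parsed object; the own-property check alone does not save such a merge, which is why the key blocklist comes first in the hardened version.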
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs...
Mattermost Mobile Apps Security Vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.13.0 and earlier, which stems from the use of polynomial regular expressions to parse certain deep links, allowing an unauthenticated, remote attacker ...
deep-life-design.com Cross Site Scripting vulnerability OBB-3913485
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 39 Update: onnx-1.14.0-9.fc39
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...
[SECURITY] Fedora 40 Update: onnx-1.14.1-2.fc40
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...
Fedora: Security Advisory (FEDORA-2024-abe1e34fdb)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-270e3b5e9b)
The remote host is missing an update for the...
CVE-2024-26646
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains...