4443 matches found

Tenable Nessus
added 2024/01/27 12:0 a.m. · 22 views

Debian dla-3722 : libmariadb-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3722 advisory. Debian LTS Advisory DLA-3722-1 [email protected] https://www.debian.org/lts/security/...

4.9 CVSS · 6.8 AI score · 0.06984 EPSS
Exploits: 0 · References: 4

Oracle linux
added 2024/01/25 12:0 a.m. · 42 views

grub2 security update

2.06-70.0.2.2 - search command: add flag to only search root dev - Resolves: CVE-2023-4001...

6.8 CVSS · 7.3 AI score · 0.00031 EPSS
Exploits: 0

vulnersOsv
added 2024/01/21 11:56 p.m. · 1 views

shenmue.js-dev (=0.0.20) potentially affected by unknown CVE via syxx.js (=11.9.96)

syxx.js NPM version =11.9.96 is affected by a known vulnerability. The following packages have a transitive dependency on syxx.js and may be impacted: - shenmue.js-dev =0.0.20 Source cves: unknown CVE Source advisory: OSV:MAL-2024-144...

5.8 AI score
Exploits: 0

OSV
added 2024/01/21 11:56 p.m. · 5 views

MAL-2024-143 Malicious code in shenmue.js-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d9db50cc4a7c28d282ae223537655ee93effd5621fb6d7bcba7cbcbcaa1f846 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2024/01/21 12:0 a.m. · 8 views

Debian dla-3713 : libcppunit-subunit-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3713 advisory. Debian LTS Advisory DLA-3713-1 [email protected] https://www.debian.org/lts/security/...

5.5 AI score
Exploits: 0 · References: 2

Github Security Blog
added 2024/01/19 9:58 p.m. · 140 views

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary: Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

7.5 CVSS · 7 AI score · 0.00479 EPSS
Exploits: 1 · References: 9 · Affected Software: 1

OSV
added 2024/01/19 9:58 p.m. · 2 views

GHSA-C24V-8RFC-W8VW Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Summary: Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to host...

7.5 CVSS · 7 AI score · 0.56729 EPSS
Exploits: 2 · References: 9

Vulnrichment
added 2024/01/19 7:43 p.m. · 1 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5 CVSS · 7 AI score · 0.00479 EPSS
Exploits: 1 · References: 3

OSV
added 2024/01/19 7:43 p.m. · 19 views

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

7.5 CVSS · 7.3 AI score · 0.00479 EPSS
Exploits: 1 · References: 5

Krebs on Security
added 2024/01/17 5:0 p.m. · 128 views

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has leveraged his considerable followi...

6.8 AI score
Exploits: 0

Gentoo Linux
added 2024/01/16 12:0 a.m. · 17 views

libuv: Buffer Overread

Background: libuv is a multi-platform support library with a focus on asynchronous I/O. Description: libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii function before reading and manipulating the memory at that address. Impact: The overread can resu...

5.3 CVSS · 6.9 AI score · 0.00718 EPSS
Exploits: 1

Tenable Nessus
added 2024/01/16 12:0 a.m. · 29 views

EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-3049)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...

6.5 CVSS · 6.2 AI score · 0.00103 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/01/14 12:0 a.m. · 4 views

PT-2024-1455 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A critical vulnerability has been found in the Web-based Management Interface of Tenda A15. The issue is related to a stack-based buffer overflow caused by the manipulation of the mac argument in the...

8.3 CVSS · 7.6 AI score · 0.00117 EPSS
Exploits: 1 · References: 7

NVD
added 2024/01/10 4:15 p.m. · 12 views

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

7.5 CVSS · 7.3 AI score · 0.00775 EPSS
Exploits: 1 · References: 2

NVD
added 2024/01/10 4:15 p.m. · 10 views

CVE-2023-47171

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

6.5 CVSS · 6.3 AI score · 0.00309 EPSS
Exploits: 1 · References: 2

Prion
added 2024/01/10 4:15 p.m. · 15 views

Design/Logic Flaw

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

5 CVSS · 7.3 AI score · 0.002 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/10 3:48 p.m. · 11 views

CVE-2023-47171

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

6.5 CVSS · 6.5 AI score · 0.00309 EPSS
Exploits: 1 · References: 1

Talos
added 2024/01/10 12:0 a.m. · 22 views

WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability

Talos Vulnerability Report TALOS-2023-1898 WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability January 10, 2024 CVE Number CVE-2023-49810 SUMMARY A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master...

7.3 CVSS · 7.1 AI score · 0.00125 EPSS
Exploits: 1

Positive Technologies
added 2024/01/10 12:0 a.m. · 4 views

PT-2024-13804 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: A login attempt restriction bypass issue exists in the checkLoginAttempts functionality. This can be triggered by a specially crafted HTTP request, leading to captcha bypass. An attacker c...

7.3 CVSS · 6.6 AI score · 0.00125 EPSS
Exploits: 1 · References: 7

Talos
added 2024/01/10 12:0 a.m. · 25 views

WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2023-1882 WWBN AVideo navbarMenuAndLogo.php user name cross-site scripting (XSS) vulnerability January 10, 2024 CVE Number CVE-2023-48730 SUMMARY A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev...

8.5 CVSS · 6.8 AI score · 0.00477 EPSS
Exploits: 0