4407 matches found
CVE-2024-53365
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-26 16:51:29+00:00 | seen | https://infosec.exchange/users/cve/statuses/113550287775474366... |
CVE-2020-12492
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-25 10:13:27+00:00 | seen | https://infosec.exchange/users/cve/statuses/113543060336017853... |
CVE-2023-52333
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-22 20:57:54+00:00 | seen | https://infosec.exchange/users/cve/statuses/113528607479224384... |
SurrealDB has an Uncaught Exception in Function Generating Random Time
The `rand::time` function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of `timestamp_opt` from the `chrono` crate, this function could potentially return `None` in some instances, leading to a panic when `unwrap` was called on its result in...
CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
OESA-2024-2434 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
OESA-2024-2433 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
OESA-2024-2432 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
OESA-2024-2431 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage
Summary: Domain Name Service (DNS) messaging is used to resolve hostnames to IP addresses. Vulnerability Details: CVEID: CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...
Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information
Summary: RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details: CVEID: CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By performing a timing side-channel attack...
CVE-2024-51364
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-21 19:41:49+00:00 | seen | https://infosec.exchange/users/cve/statuses/113522645973356490... |
CVE-2024-52347
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-18 21:59:48+00:00 | seen | https://infosec.exchange/users/cve/statuses/113506201637274358 |
| 2024-11-19 00:04:53+00:00 | seen | https://t.me/cvedetector/11399... |
GHSA-JW4X-V69F-HH5W XmlScanner bypass leads to XXE
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing as described in . Details The scan method converts the input in the UTF-8 encoding if it is...
CVE-2024-42389
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-18 09:46:46+00:00 | seen | https://infosec.exchange/users/cve/statuses/113503319205121302 |
| 2024-11-18 12:21:54+00:00 | seen | https://t.me/cvedetector/11307... |
CVE-2017-18590
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-16 21:58:16+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2017/CVE-2017-18590.yaml... |
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
CVE-2024-38063 PoC | DKob & N3TCR4SH Overview This scr...
CVE-2017-13313
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-15 22:04:34+00:00 | seen | https://infosec.exchange/users/cve/statuses/113489233319357126 |
| 2024-11-16 00:10:03+00:00 | seen | https://t.me/cvedetector/11197... |
Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...
CVE-2023-20093
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-15 15:16:45+00:00 | seen | https://infosec.exchange/users/cve/statuses/113487629823715813... |