OESA-2024-2431 python-requests security update
Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2, which requires work (even method overrides) to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...
Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage
Summary Domain Name Service DNS messaging is used to resolve hostnames to IP addresses. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...
Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information
Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By performing a timing side-channel attack...
CVE-2024-51364

creationtimestamp | type | source
---|---|---
2024-11-21 19:41:49+00:00 | seen | https://infosec.exchange/users/cve/statuses/113522645973356490...

CVE-2024-52347

creationtimestamp | type | source
---|---|---
2024-11-18 21:59:48+00:00 | seen | https://infosec.exchange/users/cve/statuses/113506201637274358
2024-11-19 00:04:53+00:00 | seen | https://t.me/cvedetector/11399...

GHSA-JW4X-V69F-HH5W XmlScanner bypass leads to XXE
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing as described in . Details The scan method converts the input in the UTF-8 encoding if it is...
CVE-2024-42389

creationtimestamp | type | source
---|---|---
2024-11-18 09:46:46+00:00 | seen | https://infosec.exchange/users/cve/statuses/113503319205121302
2024-11-18 12:21:54+00:00 | seen | https://t.me/cvedetector/11307...

CVE-2017-18590

creationtimestamp | type | source
---|---|---
2024-11-16 21:58:16+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2017/CVE-2017-18590.yaml...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
CVE-2024-38063 PoC | DKob & N3TCR4SH Overview This scr...
CVE-2017-13313

creationtimestamp | type | source
---|---|---
2024-11-15 22:04:34+00:00 | seen | https://infosec.exchange/users/cve/statuses/113489233319357126
2024-11-16 00:10:03+00:00 | seen | https://t.me/cvedetector/11197...

Metasploit Weekly Wrap-Up: 11/15/2024
Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...
CVE-2023-20093

creationtimestamp | type | source
---|---|---
2024-11-15 15:16:45+00:00 | seen | https://infosec.exchange/users/cve/statuses/113487629823715813...

CVE-2021-3742

creationtimestamp | type | source
---|---|---
2024-11-15 10:54:16+00:00 | seen | https://infosec.exchange/users/cve/statuses/113486597712148555
2024-11-15 13:15:51+00:00 | seen | https://t.me/cvedetector/11073...

Fedora 37 : woff (2022-c30d362ce5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c30d362ce5 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...
CVE-2024-50826

creationtimestamp | type | source
---|---|---
2024-11-14 17:29:25+00:00 | seen | https://infosec.exchange/users/cve/statuses/113482489178632663
2024-11-14 17:32:29+00:00 | seen | https://infosec.exchange/users/cve/statuses/113482501269576658...

CVE-2024-50837

creationtimestamp | type | source
---|---|---
2024-11-14 15:04:35+00:00 | seen | https://infosec.exchange/users/cve/statuses/113481919699228585
2024-11-14 16:39:39+00:00 | seen | https://t.me/cvedetector/10963...

CVE-2021-21106

creationtimestamp | type | source
---|---|---
2024-11-14 06:10:09+00:00 | seen | MISP/04f708e2-47b6-4fd4-997c-c34be6ce1aa6...

CVE-2018-12533

creationtimestamp | type | source
---|---|---
2024-11-14 06:08:23+00:00 | seen | MISP/0ae5117a-c3f7-4b9f-97b5-d2b54144ee1e
2025-11-25 03:00:13+00:00 | published-proof-of-concept | Telegram/cQbTgpKMUqE7r50TMi-Jo6XMKFA-M4NuOONOoKLBjTRKKPs...

cockpit security update
323.1-1.0.1 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation links Orabug: 30271413, Orabug: 32013095,...
Fedora 37 : python-m2r / python-mistune / python-mistune08 / etc (2022-e4f5866111)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-e4f5866111 advisory. - updates mistune to 2.0.4 - m2r updated to pin dependency to mistune 2 - new package: python-mistune08 compatibility package, to be used by dependents that...