68 matches found
CVE-2024-52520
The CVE-2024-52520 entries describe a vulnerability in Nextcloud Server where a pre-flighted HEAD request allows the link reference provider to be tricked into downloading larger websites than intended to extract open-graph data. Affected software includes Nextcloud Server and Enterprise Server w...
MAL-2024-9267 Malicious code in innostage-group (PyPI)
The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 9d0f2f6104de4772268a20f51e009797c0c4b0740d18d98d730417fdafdfb052 When imported, the package downloads and runs a remote stage - a reverse shell. To mas...
MAL-2024-2181 Malicious code in down_load_ebook_gelassenheit_durch_stoizismus_by_josef_moser_vbg8g (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2118 Malicious code in down_load_ebook_3_nouvelles_engagees_by_eugene_ionesco_dino_buzzati_boris_vian_792ow (npm)
--- -= Per source details. Do not edit below this line.=-...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218). For more details about the security issues,...
Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-29409)
Summary: Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. Vulnerability Details: CVEID: CVE-2023-29409. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an...
CVE-2023-33054
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data...
RLSA-2023:5763 Important: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545); curl: cookie injection with none file...
Security Bulletin: IBM Cognos Analytics has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2023-35009, CVE-2023-35011)
Summary: Security vulnerabilities have been addressed in IBM Cognos Analytics. IBM Cognos Analytics is vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip) in JSZip (CVE-2022-48285). This has been addressed by upgrading JZIP to a non-vulnerable version. A Server-Side Request Forgery...
CVE-2023-24603
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...
Code injection
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...
CVE-2023-24603
CVE-2023-24603 affects Open-Xchange OX App Suite prior to backend 7.10.6-rev37. The vulnerability stems from missing size-limits when downloading data, e.g., a crafted iCal feed could deliver unlimited data, potentially leading to information exposure and resource abuse. Public sources in the con...
Moderate: Red Hat Security Advisory: curl security and bug fix update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
RLSA-2023:1140 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service (CVE-2023-23916). For more details about the security issues, including...
PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell
PSAsyncShell is an asynchronous TCP reverse shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, which allows it to bypass some firewalls and some countermeasures against this kind of remote connection. Additionally, this tool...
ALSA-2022:6159 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP compression denial of service (CVE-2022-32206); curl: FTP-KRB bad message verification (CVE-2022-32208). For more...
CVE-2021-40899
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories...
[SECURITY] Fedora 36 Update: zchunk-1.2.2-1.fc36
zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...
Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading. The script "log4j-detect.py", developed in Python 3, is responsible for detecting whether a list of URLs is vulnerable to CVE-2021-44228. To do so, it sends a GET request...