A vulnerability in the Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability in Microsoft Edge is related to errors in how the user interface represents information. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
SEO Panel Security Breach
SEO Panel is an open source panel for managing SEO (Search Engine Optimization) on websites. A security vulnerability exists in SEO Panel version 4.10.0 that stems from a discrepancy in error messages during user authentication that could allow an attacker to determine if a username is valid, leadi...
A vulnerability in Websoft HCM’s automation software for HR processes, stemming from name management or file path handling errors, allows attackers to gain access to the file system.
The vulnerability in Websoft HCM’s automation software for HR processes is related to name management or file path handling errors. Exploiting this vulnerability can allow an attacker to gain read access to the file system remotely...
GHSA-8QPW-XQXJ-H4R2 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary: Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...
A vulnerability in Intel NUC’s built-in software, related to errors in processing input data, allows attackers to escalate their privileges.
The vulnerability in Intel NUC’s built-in software is related to errors in processing input data. Exploiting this vulnerability can allow attackers to gain increased privileges...
A vulnerability in Intel NUC’s built-in software, related to errors during the removal of special components, allows attackers to gain increased privileges.
The vulnerability in Intel NUC’s built-in software is related to errors during the removal of special components. Exploiting this vulnerability can allow an attacker to increase their privileges...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
Pwnkit Exploit Instructions I did not write this. This is on...
Tenda AC10 Security Vulnerability
Tenda AC10U is a wireless router from Tenda China. The Tenda AC10U suffers from a stack buffer overflow vulnerability caused by incorrect bounds checking in the formQuickIndex function. A remote attacker can exploit this vulnerability to cause a buffer overflow and execute arbitrary code on the...
tomcat: improper cleaning of recycled objects could lead to information leak
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
A vulnerability in the AppleMobileFileIntegrity component of the Safari browser and the macOS, iOS and iPadOS operating systems allows attackers to disclose protected information.
The vulnerability in AppleMobileFileIntegrity in the Safari browser and the macOS, iOS and iPadOS operating systems is related to permission handling errors. Exploiting this vulnerability can allow attackers to disclose sensitive information...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 8 : libxml2 (RHSA-2024:0413)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0413 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflo...
ALSA-2024:0466 Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
A vulnerability in the Windows Hyper-V hardware virtualization system allows an attacker to execute arbitrary code.
The vulnerability in the Windows Hyper-V hardware virtualization system is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the Fortra (HelpSystems) GoAnywhere MFT application for secure file transfer, related to security mechanism errors, allows attackers to escalate their privileges.
The vulnerability in the Fortra (HelpSystems) GoAnywhere MFT application for secure file transfer is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to escalate their privileges by creating an administrator user through the administration portal...
Google Chrome Security Update (stable-channel-update-for-desktop_23-2024-01) - Mac OS X
Google Chrome is prone to multiple vulnerabilities.