9459 matches found
CVE-2023-25558 Deserialization of untrusted data in DataHub
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...
Hacking the Tax Code
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...
Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...
OpenBSD OpenSSH 9.1 Memory Safety Vulnerability
OpenBSD OpenSSH is prone to a memory safety vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...
Mitsubishi Electric Multiple Factory Automation Products (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...
CVE-2023-23110
An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the...
Rocky Linux 8 : firefox (RLSA-2022:8580)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8580 advisory. - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence o...
Lack of flexibility in updating cycle length leading to potential contract redeployment.
Lines of code Vulnerability details Impact function cycleOfuint32 timestamp private view returns uint32 cycle unchecked return timestamp / cycleSecs + 1; and function currCycleStart private view returns uint32 timestamp uint32 currTimestamp = currTimestamp; // slither-disable-next-line weak-prng...
Kevin Mitnick Hacked California Law in 1983
Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that theres warrant for his arrest by the California Youth Authority, an...
TimeswapV2LiquidityToken should not use totalSupply()+1 as tokenId
Lines of code Vulnerability details Impact Assuming ERC1155Enumerable is acting normally, there is a Accounting Issue about TimeswapV2LiquidityToken and TimeswapV2Token's tokenId. Different liquidities can have the same tokenId, leading to serious balance manipulation. I'm submitting this issue a...
KLA20188 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in GuestView can be exploited to cause...
PT-2023-1816 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to a use-after-free condition when handling USDZ files, potentially allowing an attacker to access sensitive information using a specially crafted USDZ file. This...
SOCOMEC MODULYS GP (UPDATE A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : SOCOMEC Equipment : MODULYS GP Vulnerability : Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
SWC-109 Uninitialized Storage Pointer
Lines of code Vulnerability details Impact Uninitialized storage variables can point to unexpected storage locations. Proof of Concept // Exploitable Vulnerability MemoryPointer callData; Tools Used github Recommended Mitigation Steps // Initialize variable "callData" or set the storage attribute...
Medium: vim
Issue Overview: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free, etc. Since heap errors might include buffer overflows...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network withouti requiring user credentials...
CVE-2022-46871
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...