42 matches found
Holographic Projection and Cyber Attack Surface: a Physical Analogy for Digital Security
This article presents an in-depth exploration of the analogy between the Holographic Principle in theoretical physics and cyber attack surfaces in digital security. Building on concepts such as black hole entropy and AdS/CFT duality, it highlights how complex infrastructures project their...
Cybersecurity for Autonomous Vehicles
The increasing adoption of autonomous vehicles is bringing a major shift in the automotive industry. However, as these vehicles become more connected, cybersecurity threats have emerged as a serious concern. Protecting the security and integrity of autonomous systems is essential to prevent...
CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address...
GHSA-FWVG-2739-22V7 Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Impact Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network...
PT-2023-32863 · Miniflare · Miniflare
Name of the Vulnerable Software and Affected Versions: Miniflare versions prior to 3.20231030.2 Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on...
PT-2023-20608 · Xiaomi · Xiaomi Router
Name of the Vulnerable Software and Affected Versions: Xiaomi routers affected versions not specified Description: The issue is caused by inadequate filtering of responses from external interfaces, leading to command injection. Attackers can exploit this by hijacking the ISP or upper-layer routin...
SUSE CVE-2021-42343
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...
PT-2022-18607 · Unknown · Sns Firewall
Name of the Vulnerable Software and Affected Versions: SNS firewall versions 3.7.0 through 3.7.29 SNS firewall versions 3.11.0 through 3.11.17 SNS firewall versions 4.2.0 through 4.2.10 SNS firewall versions 4.3.0 through 4.3.6 Description: Flooding the SNS firewall with specific forged traffic c...
PT-2022-3965 · Illumina · Illumina Local Run Manager
Name of the Vulnerable Software and Affected Versions: Illumina Local Run Manager affected versions not specified Description: The issue is related to incorrect code generation management in Illumina Local Run Manager. An unauthenticated malicious actor can upload and execute code remotely at the...
Duplicate Advisory: Remote code execution in dask
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hwqr-f3v9-hwxr. This link is maintained to preserve external references. Original Description An issue was discovered in Dask aka python-dask through 2021.09.1. Single machine Dask clusters started with...
DEBIAN-CVE-2021-42343
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...
PYSEC-2021-872
Withdrawn as duplicate of PYSEC-2021-871. An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their...
PYSEC-2021-387
An issue was discovered in Dask aka python-dask through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on external interfaces...
UBUNTU-CVE-2021-42343
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...
Python Dask 安全漏洞
Python Dask is a flexible parallel computing library for Python. Dask suffers from a security vulnerability that stems from the fact that standalone Dask clusters started as Dask .distributed.LocalCluster or Dask .distributed. client LocalCluster is used by default will incorrectly configure thei...
OTRS AG OTRSTicketForms 信息泄露漏洞
OTRS AG OTRSTicketForms is a functional add-on from OTRS Germany. Using it it is possible to display different ticket masks and forms in the agent and external interfaces, depending on which dynamic fields are relevant for the customer request. An information disclosure vulnerability exists in OT...
The vulnerability of the JunOS operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the JunOS operating system’s kernel is related to errors in processing packets destined for another address. Exploiting this vulnerability can allow an attacker to trigger a kernel error and a service failure by sending specially crafted packets from external control interfac...
The vulnerability of the interface for internal and external switches of the GlobalProtect operating system PAN-OS allows a attacker to cause a service failure or obtain confidential information.
The vulnerability of the internal and external gateway interfaces of the GlobalProtect operating system PAN-OS is related to incorrect restrictions on XML links to external objects XXE. Exploiting this vulnerability can allow a malicious actor to obtain confidential information, cause service...
cups-filters limitations bypass
Local printers may be accessible via external interfaces...
Code injection
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties...