GO-2024-3288 Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig

Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws in github.com/taurusgroup/multi-party-sig...

CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects...

CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects...

CVE-2024-36463

The CVE-2024-36463 issue affects Zabbix JS where the atob implementation can be used to create strings with arbitrary content and access internal properties of objects. This is the stated vulnerability, but the provided documents do not specify affected versions, concrete exploit steps, or remedi...

The vulnerability of Google Chrome’s Blink rendering module allows a hacker to replace the user interface.

The vulnerability of Google Chrome’s Blink rendering module is related to improper implementation. Exploiting this vulnerability allows a remote attacker to replace the user interface with a specially created HTML page...

The vulnerability of the Views component in Google Chrome allows a hacker to escape from an isolated environment.

The vulnerability of the Views component in Google Chrome is related to improper implementation. Exploiting this vulnerability can allow an attacker to escape from a isolated environment using a specially crafted HTML page...

The vulnerability of the Accessibility component in Google Chrome browser allows a perpetrator to compromise the rendering process.

The vulnerability of the Accessibility component in Google Chrome is related to improper implementation. Exploiting this vulnerability allows a remote attacker to compromise the rendering process through a specially crafted HTML page...

Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer OT based protocol DKLS: 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

GHSA-7F6P-PHW2-8253 Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer OT based protocol DKLS: 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

CVE-2024-9665

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious ema...

CVE-2024-9710 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-50200

In the Linux kernel, the following vulnerability has been resolved: mapletree: correct tree corruption on spanning store Patch series "mapletree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence sinc...

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

CVE-2018-9344

In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

wordpress-really-simple-security-authn-bypass-exploit This is...

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...