EUVD-2024-35628

Malicious code in bioql PyPI...

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject structops registration that uses module ptr and the module btfid is missing There is a UAF report in the bpfstructops when CONFIGMODULES=n. In particular, the report is on tcpcongestionops that has a "struct module...

How to Support Agile Development Through Cybersecurity Best Practices

Understanding other peoples problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition...

[SECURITY] Fedora 36 Update: golang-github-krishicks-yaml-patch-0.0.10-9.20200307git05b3177.fc36

Yaml-patch is a version of Evan Phoenix's json-patch, which is an implementat ion of JavaScript Object Notation JSON Patch, directly transposed to YAML...

Samba 2.0.0 <= 3.0.9 Vulnerability (CVE-2004-1154)

Integer overflow could lead to remote code execution RCE. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...

Ruby: Arbitrary heap overread in strscan on 32 bit Ruby, patch included

ruby require 'strscan' x = 'x' 0x7FFFFFFE s = StringScanner.newx s.pos = 0x7FFFFFFD t = s.peek40000 t.eachbyte do |i| if i != 0 print i.chr end end Run: sh ./ruby r.rb | strings My output: @ ;@VTdBE...

OpenSSL Man-in-the-middle vulnerability

The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...

Arbitrary resource file download in urlrewrite.xml

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-26888. panel There is an arbitrary resource file download vulnerability triggered by a third party library...

fbsd-ping.txt

--0-1774392370-951065021=:49727 Content-Type: TEXT/PLAIN; charset=US-ASCII Attached unofficial patch to drop ICMP packets larger than 8184 bytes. E-Mail/Flame me if not liked... I wanted to be able to set the maximum value via sysctl but I'm not sure if I'll break anything, feel free to pick up...