Deserialization of untrusted data

A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...

CVE-2024-0937 van_der_Schaar LAB synthcity PKL File load_from_file deserialization

A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...

Deserialization of untrusted data

A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...

Vulnerability fixed in VMware Aria Automation

VMWare has fixed a vulnerability in Aria Automation, formerly known as vRealize Automation. An authenticated malicious party could exploit the vulnerability to gain access gain access to the Aria Automation instance, and possibly to systems of third parties. The malicious party can thus perform...

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab

CVE-2023-7028 An issue has been discovered in GitLab CE/EE aff...

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Recent assessments: cbeek-r7 at January 11, 2024 10:43am UTC reported: CVE-2023-46805 is an...

PT-2024-14341 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue is related to a stack overflow that can occur via the iptv.city.vlan parameter in the formSetIptv function. Recommendations: For Tenda AX1803 version 1.0.0.1, as a temporary workaround,...

AZL-33284 CVE-2024-21646 affecting package azure-iot-sdk-c for versions less than 2022.01.21-2

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remo...

charcutiers-traiteurs-yonne.fr Improper Access Control vulnerability OBB-3824350

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

NIST SP 800-53 Rev. 5 Updates: What You Need to Know About The Most Recent Patch Release (5.1.1)

On November 7th, the National Institute of Standards and Technology NIST issued an update to SP 800-53, a NIST-curated catalog of controls that organizations can implement to effectively manage security and privacy risk. In this blog we’ll cover the new and updated controls within patch release...

PT-2023-7977 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8 FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6 FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1 Description: The pf4 packet filter in FreeBSD incorrectly validates TCP sequence...

CVE-2023-48235

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...

PYSEC-2023-224

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

AZL-32107 CVE-2023-46118 affecting package rabbitmq-server for versions less than 3.11.24-1

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...

Vulnerability fixed in Oracle Supply Chain

Oracle has fixed a vulnerability in Agile PLM. A malicious party could exploit the vulnerability to gain sensitive information or full access to all data accessible to Oracle Agile PLM accessible data. Oracle has fixed the vulnerability in the following product: - Oracle Agile PLM...

Yifan YF325 httpd nvram.cgi authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...

Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...

CVE-2023-44389

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI. All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...