2270 matches found
CVE-2024-7866
In Xpdf 4.05 and earlier, a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow...
CVE-2024-7866 Stack overflow in Xpdf 4.05 due to object loop in PDF pattern
In Xpdf 4.05 and earlier, a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow...
PT-2024-38643
Name of the Vulnerable Software and Affected Versions Xpdf versions 4.05 and earlier Description The issue is caused by a PDF object loop in a pattern resource, leading to infinite recursion and a stack overflow. This could allow attackers to crash the system or expose data. Recommendations For...
syntax-check Security Vulnerability
syntax-check is an open source syntax checking tool from fish-shop. A security vulnerability exists in syntax-check, which stems from improper delimiter neutralization in pattern input...
PT-2024-29979 · Fish Shop · Syntax-Check
Name of the Vulnerable Software and Affected Versions: fish-shop/syntax-check versions prior to v1.6.12 fish-shop/syntax-check versions prior to v2.0.0 Description: The issue is related to improper neutralization of delimiters in the pattern input, specifically the command separator ; and command...
This Week in Spring - July 29th, 2024
Hi Spring fans! Welcome to another installment of This Week in Spring! It's July 29th, 2024! I can hardly believe it! We're less than a month away from SpringOne 2024! Have you registered for either in-person attendance or the free livestreams yet? As always, we've got a ton of stuff to cover so...
VulnCheck KEV: CVE-2023-25690
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
CVE-2024-5634
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same...
Longse LBH30FE200W Security Breach
The Longse LBH30FE200W is a wireless webcam from China-based Longse Technology Longse. A security vulnerability exists in the Longse LBH30FE200W that stems from the use of a telnet password that follows a specific pattern. Once the pattern is known, it is relatively easy to brute-force break the...
This Week in Spring - July 2nd, 2024
Hi, spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring IO, I talked with Spring Security legend Laur Spilca In last week's installment of Spring Tips, I looked at a number of ways you cou...
cpio: Arbitrary Code Execution
Background cpio is a file archival tool which can also read and write tar files. Description Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Impact GNU cpio allows attackers to execute arbitrary code via a crafted pattern file...
MAL-2024-2844 Malicious code in @doccledev/pattern-library (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @doccledev/pattern-library (npm)
--- -= Per source details. Do not edit below this line.=-...
OESA-2024-1740 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: A...
CVE-2022-48760 USB: core: Fix hang in usb_kill_urb by adding memory barriers
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb to return. It turns out the issue is not unlinking the URB; that works just fine...
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...
Fedora: Security Advisory for rust-ripgrep (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : libxfont (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXfont: Insufficient input validation in pcfread.c CVE-2017-13722 - In the PatternMatch function in...