2270 matches found

AlpineLinux
added 2023/11/27 12:00 a.m., 78 views

CVE-2023-42365

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function...

CVSS 5.5, AI score 7, EPSS 0.00033
Exploits: 1
CVE
added 2023/11/27 12:00 a.m., 79 views

CVE-2023-42364

CVE-2023-42364 describes a use-after-free in BusyBox v1.36.1's awk.c evaluate function that can cause a denial of service via a crafted awk pattern. The Astra Linux security bulletin reiterates the same BusyBox vulnerability. Public details specify the vulnerability and affected binary, but there...

CVSS 5.5, AI score 5.2, EPSS 0.00033
Exploits: 1, References: 2, Affected software: 1
Debian CVE
added 2023/11/27 12:00 a.m., 47 views

CVE-2023-42364

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...

CVSS 5.5, AI score 6.2, EPSS 0.00033
Exploits: 1
Spring Engineering
added 2023/11/23 12:00 a.m., 10 views

Spring Tips: Spring Boot 3.2

Hi, Spring fans! In this installment of Spring Tips, I look at the new Spring Boot 3.2 release, due to drop today, the 23rd of November 2023! 23-11-23! We're diving into the cool new features of Spring Boot 3.2 and Java 21. We'll explore how virtual threads from Project Loom make your code run...

AI score 7.3
Exploits: 0
Hacker One
added 2023/11/19 11:54 a.m., 10 views

GitLab: Stored-XSS injected in Wiki page via Banzai pipeline

A vulnerability was found in the AbstractReferenceFilter class of the GitLab project that could be exploited to inject arbitrary HTML elements, leading to a stored cross-site scripting (XSS) vulnerability. The issue was caused by the way the application handled the processing of wiki page content,...

AI score 5.5
Exploits: 0
RedHat Linux
added 2023/11/15 5:07 p.m., 2 views

spring-security-webflux: path wildcard leads to security bypass

A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information...

CVSS 9.8, AI score 7.1, EPSS 0.4929
Exploits: 1, References: 5
GithubExploit
added 2023/11/08 10:39 a.m., 352 views

Exploit for Integer Overflow or Wraparound in Microsoft

CVE-2023-36900 - About this vulnerability: https://msrc.micros...

CVSS 7.8, AI score 8.7, EPSS 0.25151
Exploits: 1
SUSE CVE
added 2023/10/31 2:24 a.m., 1 view

SUSE CVE-2022-1117

A vulnerability was found in fapolicyd. Because of an assumption about how glibc names the runtime linker, a build-time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the runtime linker...

CVSS 8.4, AI score 7, EPSS 0.00152
Exploits: 0, References: 2
RedhatCVE
added 2023/10/30 5:57 a.m., 60 views

CVE-2023-31422

A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern...

CVSS 7.5, AI score 7.3, EPSS 0.00395
Exploits: 0, References: 4
GithubExploit
added 2023/10/29 5:10 a.m., 255 views

Exploit for Command Injection in Mjdm Majordomo

Deep Dive: CVE-2023-50917 - Unmasking an Unauthenticated Remo...

CVSS 9.8, AI score 10, EPSS 0.92637
Exploits: 6
Securelist
added 2023/10/26 4:00 a.m., 45 views

StripedFly: Perennially flying under the radar

Introduction: It's just another cryptocurrency miner... Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers,...

AI score 7.5
Exploits: 0
Prion
added 2023/10/26 2:15 a.m., 16 views

Design/Logic Flaw

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS 5, AI score 7.5, EPSS 0.00395
Exploits: 0, References: 2, Affected software: 1
Cvelist
added 2023/10/26 1:43 a.m., 13 views

CVE-2023-31422 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS 9, AI score 9.3, EPSS 0.00395
Exploits: 0, References: 2
OSV
added 2023/10/25 6:32 p.m., 0 views

GHSA-9242-6P36-6256 Inefficient Regular Expression Complexity in node-email-check

ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...

CVSS 7.5, AI score 7.1, EPSS 0.00167
Exploits: 1, References: 5
Spring Engineering
added 2023/10/24 12:00 a.m., 12 views

A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder

Other parts in this blog series: Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications; Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications; Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications; Part ...

AI score 7.3
Exploits: 0
OSV
added 2023/10/23 6:38 p.m., 19 views

BIT-2020-15195

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside the bounds of grad_values, thus resulting in a heap buffer overflow. The issue is patched in...

CVSS 8.8, AI score 6.9, EPSS 0.00355
Exploits: 1, References: 4, Affected software: 1
OSV
added 2023/10/23 7:15 a.m., 66 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 2
CNNVD
added 2023/10/19 12:00 a.m., 1 view

Spring AMQP Code Issue Vulnerability

Spring AMQP applies core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 1.0.0 through 2.4.16 and 3.0.0 through 3.0.9, which stems from the addition of an Allowed List pattern for deserializable class names in Spring...

CVSS 5, AI score 6.7, EPSS 0.43039
Exploits: 0, References: 4
Tenable Nessus
added 2023/10/19 12:00 a.m., 52 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (f923205f-6e66-11ee-85eb-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f923205f-6e66-11ee-85eb-84a93843eb75 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP...

CVSS 7.5, AI score 7.4, EPSS 0.59544
Exploits: 1, References: 5
Github Security Blog
added 2023/10/17 12:40 p.m., 23 views

CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

CVSS 10, AI score 6.9, EPSS 0.00155
Exploits: 0, References: 5, Affected software: 1