
26 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-18588

Malware in sbrugna...

9.8 CVSS, 9.4 AI score, 0.00433 EPSS
Exploits 0, References 2

NVD
added 2025/01/25 2:15 p.m., 10 views

CVE-2023-38714

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...

7.5 CVSS, 0.00096 EPSS
Exploits 0, References 1

CVE
added 2025/01/21 8:53 p.m., 175 views

CVE-2025-21529

CVE-2025-21529 affects Oracle MySQL Server, specifically the Information Schema, with vulnerable versions: 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The vulnerability can be exploited remotely over multiple protocols to cause the server to hang or crash (DoS). The connected sources ...

4.9 CVSS, 4.4 AI score, 0.00084 EPSS
Exploits 0, References 2, Affected Software 1

Circl
added 2025/01/13 9:38 p.m., 4 views

GHSA-XF7J-4X67-6H93

creationtimestamp | type | source
---|---|---
2025-01-13 21:38:13+00:00 | seen | https://infosec.exchange/users/cve/statuses/113823205963235371...

7.2 AI score
Exploits 0, References 1

Cvelist
added 2024/12/24 7:00 p.m., 15 views

CVE-2019-2483

...

8.2 CVSS, 0.00325 EPSS
Exploits 0, References 1

Circl
added 2024/11/14 12:29 p.m., 3 views

CVE-2024-7730

creationtimestamp | type | source
---|---|---
2024-11-14 12:29:45+00:00 | seen | https://infosec.exchange/users/cve/statuses/113481310836070806
2024-11-14 14:08:42+00:00 | seen | https://t.me/cvedetector/10932...

7.8 CVSS, 7.6 AI score, 0.00038 EPSS
Exploits 0, References 2

Vulnrichment
added 2024/09/16 4:38 p.m., 18 views

CVE-2023-22351

Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...

6.9 CVSS, 6.5 AI score, 0.00051 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/08/20 9:16 p.m., 16 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS, 6.9 AI score, 0.00089 EPSS
Exploits 0, References 2

Cvelist
added 2024/08/20 9:16 p.m., 14 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS, 0.00089 EPSS
Exploits 0, References 2

UbuntuCve
added 2024/05/01 6:15 a.m., 20 views

CVE-2024-26930

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer. Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc, and again freed in function qla2x00_mem_free(ha). Assign NULL...

7.8 CVSS, 6.4 AI score, 0.00014 EPSS
Exploits 0, References 11

CVE
added 2024/05/01 5:17 a.m., 161 views

CVE-2024-26930

CVE-2024-26930 : In the Linux kernel, the SCSI/QLA2xxx double-free vulnerability occurs when ha->vp_map is freed twice (in qla2x00_mem_alloc and again in qla2x00_mem_free). The root cause is a use-after-free-like double free of ha->vp_map; the fix assigns NULL to vp_map and lets kfree handl...

7.8 CVSS, 6.4 AI score, 0.00014 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2024/05/01 5:17 a.m., 20 views

CVE-2024-26930 scsi: qla2xxx: Fix double free of the ha->vp_map pointer

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer. Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc, and again freed in function qla2x00_mem_free(ha). Assign NULL...

7.8 CVSS, 6.1 AI score, 0.00014 EPSS
Exploits 0, References 7

Code423n4
added 2023/12/21 12:00 a.m., 6 views

Signature Verification for batchVoteForManyWithSig Function

Lines of code Vulnerability details Potential Risk: The batchVoteForManyWithSig function in the CultureIndex contract allows multiple users to execute a batch of votes using provided signatures. While it attempts to verify the signatures, there are potential risks associated with signature...

7.7 AI score
Exploits 0

NVD
added 2023/08/16 4:15 p.m., 6 views

CVE-2023-4204

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...

9.8 CVSS, 6.5 AI score, 0.00243 EPSS
Exploits 0, References 1

MSRC
added 2023/06/20 7:00 a.m., 26 views

Potential Risk of Privilege Escalation in Azure AD Applications

This blog is an abridged translation of Potential Risk of Privilege Escalation in Azure AD Applications. Please refer to the original for the latest information. Overview...

10 AI score
Exploits 0

Prion
added 2023/03/23 9:15 p.m., 18 views

Code injection

The Mustache pix helper contained a potential Mustache injection risk if combined with user input note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS...

7.5 CVSS, 9.4 AI score, 0.01058 EPSS
Exploits 0, References 2, Affected Software 2

Circl
added 2022/10/19 5:00 a.m., 4 views

CVE-2022-35829

creationtimestamp | type | source
---|---|---
2022-10-19 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2022/10/awareness-and-guidance-related-to-potential-service-fabric-explorer-sfx-v1-web-client-risk/
2023-01-05 21:55:21+00:00 | published-proof-of-concept | https://t.me/RESOLUTEATTACK/316...

6.2 CVSS, 6.2 AI score, 0.02318 EPSS
Exploits 0, References 3

RustSec
added 2021/07/13 12:00 p.m., 17 views

libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a check_overflow flag...

9.8 CVSS, 4.1 AI score, 0.0017 EPSS
Exploits 1, Affected Software 1

OSV
added 2020/01/22 10:15 p.m., 1 view

PYSEC-2020-186

A double-free is present in libyang before v1.0-r3 in the function yyparse when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...

7.4 AI score
Exploits 0, References 4

Hacker One
added 2018/09/30 3:22 p.m., 213 views

Chaturbate: A 10GB file is reachable

Summary: A file of 10GB is accessible on the following server: http://edge193.stream.highwebmedia.com:8080/. Steps To Reproduce: 1. Open the following link: http://edge193.stream.highwebmedia.com:8080/download Additional notes: I tried to download the file and analyze it, but after 20 seconds the...

1 AI score
Exploits 0