Path traversal
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...
Mozilla Firefox < 115.5
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 115.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-50 advisory. - On some systems, depending on the graphics settings and drivers, it was possible to force an out-of-bounds read...
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Summary: The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled or when not using a prebuilt wheel. Details: Bug 1: Bad parsing of Content-Length values. Description: RFC 9110 says this:...
PT-2023-36097 · Python · Cpython
Name of the Vulnerable Software and Affected Versions: cpython affected versions not specified python3-sys affected versions not specified python27-sys affected versions not specified Description: The issue concerns the cpython crate and its underlying crates, python3-sys and python27-sys, which...
RHEL 9 : libssh (RHSA-2023:6643)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6643 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...
Rocky Linux 9 : bash (RLSA-2023:0340)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0340 advisory. - A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. CVE-2022-3715...
Graphic issue occurs on auto adjust resolution VDA session
Various graphical problems on special programs, such as black/white screen problems, color problems, truncation problems, etc. This problem only occurs on VDAs with automatic resolution adjustment; these problems do not occur with fixed resolutions...
Patch…later? Safari iLeakage bug not fixed
Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...
Ransomware reinfections on the rise from improper remediation
Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware, the most dangerous malware in the world, and they'll be blunt: They'd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcin...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.216)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.216 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading...
[SECURITY] Fedora 38 Update: exercism-3.2.0-1.fc38
Exercism provides a way to do the problems on https://exercism.io. This CLI ships as a binary with no additional run-time requirements. This means that if you're doing the Haskell problems on exercism you don't need a working Python or Ruby environment simply to fetch and submit exercises...
Cannot Connect to Server ";40;STAxxxx" on Mac Client
Symptom 1: Cannot connect to server ";40;STA " when launching an ICA session from a Mac client. With VPN enabled, the user can only access the internal network and fails to launch the ICA session. Without VPN enabled, the user can access the external network and launch the ICA session successfully. Symptom 2: "The SDK context...
Unable to delete vDisks old versions on PVS 1912 LTSR
After merging vDisk versions, the old versions that were no longer in use could not be deleted. The Delete option was grayed out. The following article did not help: https://support.citrix.com/article/CTX215264...
Unable to access Storefront link using IP address
There is a requirement to access the Storefront URL using an IP address. Accessing the URL as https:///Citrix/Storeweb throws the error "HTTP Error 404. The requested resource is not found." Accessing the URL using the FQDN/base URL as https://Storefront.domain.com/Citrix/Storeweb or...
You Can’t Rush Post-Quantum-Computing Cryptography Standards
I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understandi...
EulerOS 2.0 SP9 : libssh (EulerOS-SA-2023-2586)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...
PT-2023-36241 · Unknown · Python-Pip
Name of the Vulnerable Software and Affected Versions: python-pip affected versions not specified Description: The issue with python-pip is related to the presence of .exe files in the RPM package, which could cause problems with security scanners. Recommendations: At the moment, there is no...
PT-2023-36239 · Pipewire · Pipewire
Name of the Vulnerable Software and Affected Versions: pipewire affected versions not specified Description: The issue allows an app with permission to access one stream to also access other streams. This is a security concern as it bypasses intended access controls. Additionally, there were fixe...
wrap after unfollow is enabled
Lines of code. Vulnerability details. Impact: wrap after unfollownft is enabled, causing many problems. Proof of Concept: by design, wrap after unfollowed is not allowed, but it seems that it's possible due to a lack of limitation. PoC below: add the script below in FollowNFTTest.t.sol //forge test --match-te...
Ethical Problems in Computer Security
Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote an excellent paper on ethical thinking within the computer security community: "Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation". Abstract: The computer security research community regularly tackles ethical...