5182 matches found

RedHat Linux
added 2024/05/06 6:57 a.m., 1 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

7.5 CVSS, 7.2 AI score, 0.64852 EPSS
Exploits 1, References 7
CNNVD
added 2024/05/06 12:0 a.m., 3 views

Open-Xchange App Suite security vulnerability

Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite version 8.21 and earlier, which stems from a cross-site scripting (XSS) vulnerability that originates from the presence of a cross-site...

6.5 CVSS, 5.7 AI score, 0.00105 EPSS
Exploits 0, References 4
Veracode
added 2024/05/05 2:38 p.m., 28 views

Arbitrary Code Execution

r-base is vulnerable to Arbitrary Code Execution. The vulnerability is due to deserialization of untrusted data, which can occur when interacting with a maliciously crafted RDS (R Data Serialization) formatted file or R package, allows maliciously crafted RDS (R Data Serialization) formatted files to...

8.8 CVSS, 9 AI score, 0.04526 EPSS
Exploits 0, References 8, Affected Software 1
Fedora
added 2024/05/04 2:20 a.m., 35 views

[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

9.8 CVSS, 7 AI score, 0.0883 EPSS
Exploits 0
Fedora
added 2024/05/04 1:33 a.m., 35 views

[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

9.8 CVSS, 7 AI score, 0.0883 EPSS
Exploits 0
Fedora
added 2024/05/03 1:46 a.m., 33 views

[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

9.8 CVSS, 7 AI score, 0.0883 EPSS
Exploits 0
Tenable Nessus
added 2024/05/02 12:0 a.m., 20 views

FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. - Deserialization of untrusted data can occur in the R statistical programming language, on any version...

8.8 CVSS, 8.3 AI score, 0.04526 EPSS
Exploits 0, References 3
OSV
added 2024/05/01 5:15 p.m., 3 views

CVE-2024-33513

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

5.9 CVSS, 5.8 AI score, 0.0012 EPSS
Exploits 0, References 1
CISA
added 2024/05/01 12:0 p.m., 5 views

CERT/CC Reports R Programming Language Vulnerability

CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the...

8.8 CVSS, 8.7 AI score, 0.04526 EPSS
Exploits 0, References 4
RedHat Linux
added 2024/04/30 10:12 a.m., 232 views

Moderate: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.8 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits 0, References 3
Trellix
added 2024/04/30 12:0 a.m., 19 views

Pouring Acid Rain

Pouring Acid Rain. By Trellix · April 30, 2024. This blog was written by Max Kersten. In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. The...

7.4 AI score
Exploits 0
AlmaLinux
added 2024/04/30 12:0 a.m., 55 views

Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038). For more details about the security issues, including the impact, a CVSS...

7.8 CVSS, 6.8 AI score, 0.00108 EPSS
Exploits 0, References 4
OSV
added 2024/04/30 12:0 a.m., 25 views

ALSA-2024:2292 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.3 CVSS, 6.3 AI score, 0.00161 EPSS
Exploits 1, References 4
OSV
added 2024/04/29 1:15 p.m., 20 views

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.7 AI score
Exploits 0, References 6
NVD
added 2024/04/29 1:15 p.m., 13 views

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS, 8.8 AI score, 0.04526 EPSS
Exploits 0, References 6
Vulnrichment
added 2024/04/29 1:2 p.m., 20 views

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS, 8.7 AI score, 0.04526 EPSS
Exploits 0, References 6
Debian CVE
added 2024/04/29 1:2 p.m., 41 views

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted...

8.8 CVSS, 8.3 AI score, 0.04526 EPSS
Exploits 0
Kitploit
added 2024/04/29 12:30 p.m., 58 views

Galah - An LLM-powered Web Honeypot Using The OpenAI API

TL;DR: Galah (/ɡəˈlɑː/ - pronounced 'guh-laa') is an LLM (Large Language Model) powered web honeypot, currently compatible with the OpenAI API, that is able to mimic various applications and dynamically respond to arbitrary HTTP requests. Description: Named after the clever Australian parrot known for...

7.4 AI score
Exploits 0, References 1
The Hacker News
added 2024/04/29 10:50 a.m., 18 views

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322 CVSS...

8.8 CVSS, 8.4 AI score, 0.04526 EPSS
Exploits 0
CNNVD
added 2024/04/29 12:0 a.m., 3 views

R statistical programming language security vulnerability

R statistical programming language is a free programming language for statistical computing and graphics from the R Foundation. A security vulnerability exists in R statistical programming language version 1.4.0 through versions prior to 4.4.0, which stems from the presence of untrusted data...

8.8 CVSS, 7.3 AI score, 0.04526 EPSS
Exploits 0, References 7