ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection when a user searches a REST API endpoint...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges (Leaky Vessels) via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software allows a perpetrator to gain access to confidential information.
The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a perpetrator to trigger a service failure.
The vulnerability of the APIX application programming interface for the AXIS OS operating system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability of the APIX application programming interface for the AXIS OS operating system allows a hacker to delete any files they desire.
The vulnerability of the APIX application programming interface for the AXIS OS operating system relates to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files remotely...
CVE-2023-49241
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality...
[SECURITY] Fedora 39 Update: perl-5.38.2-502.fc39
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
AZL-32100 CVE-2023-45287 affecting package golang for versions less than 1.20.0-1
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
The vulnerability of the application programming interface of the WordPress website management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the WordPress website content management system’s application interface is related to insufficient protection of sensitive data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information...
PT-2023-8934 · Unknown · FreeRTOS Kernel
Name of the Vulnerable Software and Affected Versions: FreeRTOS Kernel versions through 10.6.1. Description: The issue is related to insufficient protection against local privilege escalation via Return Oriented Programming techniques, should a vulnerability exist that allows code injection and...
Fedora: Security Advisory for golang (FEDORA-2023-7e185b8c12)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: golang-1.20.11-1.fc37
The Go Programming Language...
Go: Multiple Vulnerabilities
Background: Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description: Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...
Ethereum ABI decoder DoS when parsing ZST
With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...
AXIS OS Path Traversal Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from the VAPIX API irissetup.cgi being susceptible to a path traversal attack that allows file deletion...
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
The stealer malware known as LummaC2 aka Lumma Stealer now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until...
[SECURITY] Fedora 38 Update: golang-1.20.11-1.fc38
The Go Programming Language...
[SECURITY] Fedora 39 Update: golang-1.21.4-1.fc39
The Go Programming Language...