Code injection

Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

[SECURITY] Fedora 38 Update: python3.11-3.11.3-2.fc38

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

PT-2023-24494 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or...

USN-5725-2 golang-1.13 vulnerability

USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this...

PT-2023-18901 · Ciq Api · Ciq Api

Name of the Vulnerable Software and Affected Versions: CIQ API versions 2.2.0 through 4.1.7 Description: The Toybox.Ant.BurstPayload.add API method suffers from a type confusion issue, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted...

Connect IQ 安全漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from an unvalidated API function parameter that results in a buffer...

Are Your APIs Leaking Sensitive Data?

It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica...

Fedora: Security Advisory for golang (FEDORA-2023-12504e8774)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the application software interface of the Cisco DNA Center allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application programming interface of the Cisco DNA Center relates to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially creat...

PT-2023-36175 · Unknown · Kubernetes Containerd

Name of the Vulnerable Software and Affected Versions: containerd affected versions not specified Description: The issue is related to rebuilding containerd with a current version of go to catch up on bugfixes and security fixes. There is no information provided about the estimated number of...

HTTPS Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show...

New Strain of Sotdas Malware Discovered

Introduction There are numerous malicious codes that are currently active on smart devices, such as Ddosf, Dofloo, Gafgyt, MrBlack, Persirai, Sotdas, Tsunami, Triddy, Mirai, Moose, and Satori, among others. These malicious codes and their variants can intrude into and control smart devices throug...

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

Cisco DNA Center 安全漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...

[SECURITY] Fedora 38 Update: golang-1.20.4-1.fc38

The Go Programming Language...

[SECURITY] Fedora 37 Update: golang-1.19.9-1.fc37

The Go Programming Language...