Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

Mozilla: Memory Corruption in Safe Browsing Code

The Mozilla Foundation Security Advisory describes this flaw as: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash...

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from a broken access control under /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings,...

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface API that isn't officially documented or supported. Contrary...

JTEKT ELECTRONICS Kostac PLC Programming Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Fedora: Security Advisory for golang (FEDORA-2023-7442702a7d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

lua security update

An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The lua packages provide support for Lua, a powerful light-weight programming...

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

[SECURITY] Fedora 36 Update: golang-1.19.7-1.fc36

The Go Programming Language...

CVE-2023-1749

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...

[SECURITY] Fedora 38 Update: golang-1.20.2-1.fc38

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2023-8ee7d4a8e3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Directus 资源管理错误漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in the Directus API version v.2.2.0. A remote attacker could exploit this vulnerability to cause a denial of service via a large number of HTTP requests to the system...

Nextcloud 信息泄露漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud that stems from a user being able to obtain the full data directory path to the Nextcloud serve...

The vulnerability of the Kubernetes cloud platform Red Hat OpenShift Data Science (RHODS) allows a hacker to send arbitrary API requests.

The vulnerability of the Kubernetes cloud platform Red Hat OpenShift Data Science RHODS is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to send arbitrary API requests remotely...

PT-2023-21996 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.0 through 24.0.6 Nextcloud Server versions 25.0.0 through 25.0.4 Nextcloud Enterprise Server versions 23.0.0 through 23.0.11 Nextcloud Enterprise Server versions 24.0.0 through 24.0.6 Nextcloud Enterprise Server...

The vulnerability of the Rack module in the Ruby programming language allows a hacker to trigger a service failure.

The vulnerability of the Rack module in the Ruby programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...

PT-2023-2330 · Rocket · Universe +1

Name of the Vulnerable Software and Affected Versions: Rocket Software UniData versions prior to 8.2.4 build 3003 Rocket Software UniVerse versions prior to 11.3.5 build 1001 Rocket Software UniVerse versions prior to 12.2.1 build 2002 Description: The issue is related to a buffer overflow in an...

New Dark Power Nim-based Ransomware Targeted Attacks Globally

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary New Dark Power ransomware gang uses Nim programming language to create malware that encrypts specific services and processes, excludes crucial system files, clears logs, and generates a ransom note in...