PT-2024-2655 · Libcurl +12 · Libcurl +12

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to a memory leak in libcurl when handling HTTP/2 server push. When the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts...

4 Ways Hackers use Social Engineering to Bypass MFA

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication MFA. With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can...

CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

UBUNTU-CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

CVE-2023-6564

GitLab CVE-2023-6564 affects GitLab EE Premium and Ultimate versions 16.4.3, 16.5.3, and 16.6.1. In projects that use subgroups to define who can push or merge to protected branches, subgroup members with the Developer role could push or merge to those protected branches, indicating an authorizat...

CVE-2023-6564

Removed by vendor...

Facebook fatal accident scam still rages on

Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English. I have seen two different types in German. First Facebook scam...

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because pushpopframerefoffset is mishandled...

SUSE CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

The vulnerability of Mozilla Firefox browser push-notifications on Android operating systems allows a perpetrator to gain unauthorized access to limited functions.

The vulnerability of browser notifications in the Mozilla Firefox browser on Android operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to limited functions...

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485https://github.com/Tapioca-DAO/ta...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

Design/Logic Flaw

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

UBUNTU-CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...