115 matches found
CVE-2024-42458
server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...
CVE-2024-42458
server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...
CVE-2024-42458
Summary: CVE-2024-42458 affects Neat VNC (neatvnc) servers prior to 0.8.1. The issue, tracked in multiple sources, is that server.c does not properly validate the security type, a related problem to CVE-2006-2369. Impact (as stated): high confidentiality, integrity, and availability impact per CV...
CVE-2024-42458
server.c in Neat VNC aka neatvnc before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369...
CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397-PoW Proof of Work of CVE-2023-23397 for vulnera...
ksmbd: validate mech token in session setup
...
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...
CVE-2023-40383
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data...
Microsoft Security Update Validation Report August 2023
Microsoft’s August 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues August still be found upon implementation. Follow best practices for testing and installing...
Continuous Security Validation with Penetration Testing as a Service (PTaaS)
Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center SOC, it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access (CVE-2021-1228)
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
Microsoft Security Update Validation Report July 2023
Microsoft’s July 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
CVE-2023-32289
The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
Rebalance amounts should be checked so that updated balances falls within thresholds
Lines of code Vulnerability details Rebalance amounts should be checked so that updated balances falls within thresholds Rebalance operations are allowed when the current percentage of xETH in the Curve pool is outside the defined thresholds. However, there is no check to ensure that the amount o...
Microsoft Security Update Validation Report May 2023
Microsoft’s May 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: redirect duration="1"...