
11966 matches found

OSV
added 2024/08/23 9:20 p.m. | 11 views

MAL-2024-9963 Malicious code in confluent-docker-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc7d66b033c3d09c07ce3226cd534199a9f8cb2200a79035526192fb140b94d9 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.8 AI score
Exploits 0 | References 1
OSV
added 2024/08/23 9:20 p.m. | 4 views

MAL-2024-10100 Malicious code in oz-merkle-tree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.8 AI score
Exploits 0 | References 1
OSV
added 2024/08/21 3:11 p.m. | 13 views

GO-2022-0496 Path traversal mitigation bypass in OctoRPKI in github.com/cloudflare/cfrpki

Path traversal mitigation bypass in OctoRPKI in github.com/cloudflare/cfrpki...

9.8 CVSS | 9.4 AI score | 0.04065 EPSS
Exploits 0 | References 4
Debian CVE
added 2024/08/21 6:10 a.m. | 9 views

CVE-2023-52912

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu. Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] invalid opcode: 0000 [#1] PREEMPT SM...

5.5 CVSS | 5.2 AI score | 0.00205 EPSS
Exploits 0
GithubExploit
added 2024/08/21 4:14 a.m. | 150 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab

CVE-2023-7028 | Account-Take-Over Gitlab. Disclaimer: This co...

10 CVSS | 9.2 AI score | 0.94955 EPSS
Exploits 16
OSV
added 2024/08/19 9:49 p.m. | 17 views

GHSA-WCG9-PGQV-XM5V XWiki Platform allows XSS through XClass name in string properties

Impact: It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user into following the URL. Reproduction steps: 1. As a user without script or programming right, create a non-terminal document...

9.4 CVSS | 7.2 AI score | 0.00461 EPSS
Exploits 1 | References 5
GithubExploit
added 2024/08/19 7:25 p.m. | 162 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5...

9.8 CVSS | 9.9 AI score | 0.99994 EPSS
Exploits 26
Openbugbounty
added 2024/08/18 4:14 p.m. | 8 views

aplicacoes.mds.gov.br Cross Site Scripting vulnerability OBB-3958799

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Vulnrichment
added 2024/08/17 9:9 a.m. | 18 views

CVE-2024-42311 hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode(). Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG:...

6.8 AI score | 0.00274 EPSS
Exploits 0 | References 8
Debian CVE
added 2024/08/17 9:9 a.m. | 10 views

CVE-2024-42294

In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release. Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338...

5.5 CVSS | 5.5 AI score | 0.00171 EPSS
Exploits 0
Cvelist
added 2024/08/17 9:8 a.m. | 25 views

CVE-2023-52889 apparmor: Fix null pointer deref when receiving skb during sock creation

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation. The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in...

0.00231 EPSS
Exploits 0 | References 7
OSV
added 2024/08/17 8:54 a.m. | 18 views

CVE-2024-42271 net/iucv: fix use after free in iucv_sock_close()

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7.8 CVSS | 6.1 AI score | 0.00235 EPSS
Exploits 0 | References 12
Vulnrichment
added 2024/08/16 7:12 p.m. | 11 views

CVE-2023-47728 IBM QRadar Suite Software information disclosure

IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks again...

6.5 CVSS | 6.1 AI score | 0.00458 EPSS
Exploits 0 | References 2
OSV
added 2024/08/16 12:14 a.m. | 5 views

OSV-2024-965 Stack-buffer-overflow in FLAC__stream_encoder_init_ogg_file

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42537419 Crash type: Stack-buffer-overflow READ 13. Crash state: FLAC__stream_encoder_init_ogg_file, EncoderSession_init_encoder, flac__encode_file...

7.2 AI score
Exploits 0 | References 1
OSV
added 2024/08/14 10:1 p.m. | 12 views

MAL-2024-9938 Malicious code in aiotrans (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3bd64da5911ab6ec28e1bc33993b363b52702ff6bb19a87b98f37267d0784664 Package "uconst" is the package containing malicious code with multiple stage, exfiltrating basic info as well as browser data. It's put into others as...

7.1 AI score
Exploits 0 | References 1
OSV
added 2024/08/14 6:1 p.m. | 14 views

GHSA-CCQH-278P-XQ6W webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path...

7.7 CVSS | 7.8 AI score | 0.00447 EPSS
Exploits 1 | References 5
RedhatCVE
added 2024/08/09 10:18 a.m. | 18 views

CVE-2024-42252

In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON(). If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON(). For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------ cut here ------------ 03240...

5.5 CVSS | 7.1 AI score | 0.00214 EPSS
Exploits 0 | References 4
Packet Storm
added 2024/08/09 12:0 a.m. | 293 views

Yoga Class Registration System 1.0 Cross Site Request Forgery

Title: Yoga Class Registration System v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla firefox 128.0....

7.4 AI score
Exploits 0
GithubExploit
added 2024/08/08 6:21 p.m. | 247 views

Exploit for SQL Injection in Churchcrm

PoC exploit for CVE-2024-25897, an exploit module targeting Jenk...

9.8 CVSS | 9.7 AI score | 0.01554 EPSS
Exploits 2
Debian CVE
added 2024/08/08 8:46 a.m. | 15 views

CVE-2024-42251

In the Linux kernel, the following vulnerability has been resolved: mm: page_ref: remove folio_try_get_rcu(). The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode:...

5.5 CVSS | 5.3 AI score | 0.0021 EPSS
Exploits 0