CVE-2023-22088
...
CVE-2023-22083
...
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: buildkitd, up, prometheus-adapter, k3s, kubevela, caddy, kubernetes...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service vulnerability
Talos Vulnerability Report TALOS-2023-1741 SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service vulnerability October 12, 2023 CVE Number CVE-2023-23581 SUMMARY A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.967...
Cross-Site Request Forgery Vulnerability in Logout Functionality
Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid; it is recommended to change it to...
function 'accrueInterest(address vToken)' allows too many rewards to be allocated
Lines of code Vulnerability details Impact Malicious users can increase the number of rewards they receive within a block. Proof of Concept In the Prime contract, `markets[vToken].rewardIndex` is used to determine how many rewards are allocated to Prime token holders, and its value can only be change...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
OSV-2023-936 Heap-buffer-overflow in Gfx::decode_bmp_pixel_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62782 Crash type: Heap-buffer-overflow READ 1 Crash state: Gfx::decode_bmp_pixel_data Gfx::BMPImageDecoderPlugin::frame Gfx::ICOImageDecoderPlugin::load_ico_bitmap...
CVE-2023-44168
...
Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-010)
The version of python38 installed on the remote host is prior to 3.8.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2023-010 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It...
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization's threat response Summary of Findings The Network Effect Threat Report offers insights based o...
GHSA-7MP6-929P-PQHJ vulnerabilities
Vulnerabilities for packages: croc...
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...
File Manager Pro < 1.8.1 - Admin+ Remote Code Execution
Description The plugin allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. As an admin, use the File Manager UI to upload a file shell.php...
OSV-2023-862 Heap-use-after-free in g_datalist_get_flags
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62381 Crash type: Heap-use-after-free READ 8 Crash state: g_datalist_get_flags g_object_unref gst_object_unref...
Microsoft Exchange Server Information Disclosure Vulnerability (CNVD-2023-72229)
Microsoft Exchange Server is a suite of e-mail server software from the US company Microsoft. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An information disclosure vulnerability exists in Microsoft Exchange Server, which can be exploit...
CVE-2013-5250
Rejected reason: This candidate is unused by its CNA...
CVE-2011-3433
Rejected reason: This candidate is unused by its CNA...
Siemens RUGGEDCOM ROX Improper Neutralization of Special Elements Used in a Command (CVE-2023-36751)
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions < V2.16.0, RUGGEDCOM ROX MX5000RE All versions < V2.16.0, RUGGEDCOM ROX RX1400 All versions < V2.16.0, RUGGEDCOM ROX RX1500 All versions < V2.16.0, RUGGEDCOM ROX RX1501 All versions < V2.16.0, RUGGEDCOM ROX RX1510 All versions < V2.16.0...