
6 matches found

Hacker One
added 2025/11/10 6:4 p.m., 14 views

curl: Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM

Summary: curl is vulnerable to silent Man-in-the-Middle (MITM) attacks due to its design, which implicitly trusts the CA certificate path specified in the `CURL_CA_BUNDLE` environment variable. This mechanism allows the entire TLS trust model (chain of trust) of curl to be hijacked without any warning or...

6.8 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0849

Malicious code in bioql PyPI...

8.8 CVSS, 6.4 AI score, 0.00019 EPSS
Exploits: 1, References: 12
NVD
added 2023/08/25 9:15 p.m., 11 views

CVE-2023-40583

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

7.5 CVSS, 7.5 AI score, 0.00395 EPSS
Exploits: 0, References: 4
Prion
added 2023/08/25 9:15 p.m., 10 views

Design/Logic Flaw

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

5 CVSS, 7.5 AI score, 0.00395 EPSS
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2023/08/24 10:22 p.m., 42 views

libp2p nodes vulnerable to OOM attack

Summary: In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfe...

7.5 CVSS, 6.7 AI score, 0.00395 EPSS
Exploits: 0, References: 6, Affected Software: 1
Check Point Advisories
added 2009/10/29 12:0 a.m., 3 views

Mozilla Firefox JavaScript Engine Information Disclosure (CVE-2005-0989)

The Mozilla web browser and its derivatives, Firefox, Netscape, and K-Meleon are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. These applications have a built in functionality to interpret JavaScript code. One of the...

5 CVSS, 6.2 AI score, 0.25295 EPSS
Exploits: 1