
7411 matches found

Tenable Nessus
added 2024/12/05 12:0 a.m., 14 views

Fedora 40 : thunderbird (2024-515180fdb3)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-515180fdb3 advisory. Update to 128.5.0 https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/...

9.8 CVSS, 7.3 AI score, 0.00833 EPSS
Exploits: 0, References: 10

Cvelist
added 2024/12/04 2:20 p.m., 16 views

CVE-2024-53138 net/mlx5e: kTLS, Fix incorrect page refcounting

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting. The kTLS tx handling code is using a mix of get_page and page_ref_inc APIs to increment the page reference. But on the release path mlx5e_ktls_tx_handle_resync_dump_comp, only put_page is use...

0.00212 EPSS
Exploits: 0, References: 7

OSV
added 2024/12/03 4:15 p.m., 4 views

PYSEC-2024-256

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the _check_url method is specified as allow_redirects=True, which allows a server-side reque...

7.5 CVSS, 7.1 AI score, 0.00399 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/12/03 3:39 p.m., 18 views

CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1 CVSS, 0.00498 EPSS
Exploits: 1, References: 2

CVE
added 2024/12/03 3:39 p.m., 58 views

CVE-2024-53999

MobSF suffers a Stored Cross-Site Scripting (XSS) vulnerability in the Diff or Compare functionality. The issue stems from allowing scripts in the filename parameter during file uploads, enabling a malicious actor to upload a script and trigger its execution when users invoke the diff/compare fea...

8.1 CVSS, 7.2 AI score, 0.00498 EPSS
Exploits: 1, References: 2, Affected Software: 1

GithubExploit
added 2024/12/03 2:54 p.m., 717 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC --- Desc...

7.5 CVSS, 8 AI score, 0.99999 EPSS
Exploits: 19

Tenable Nessus
added 2024/12/03 12:0 a.m., 13 views

CBL Mariner 2.0 Security Update: bazel (CVE-2022-3474)

The version of bazel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3474 advisory. - A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all...

5.1 CVSS, 6.1 AI score, 0.00213 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2024/12/03 12:0 a.m., 17 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases / ceph / zstd (CVE-2021-24032)

The version of CBL-Mariner Releases / ceph / zstd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-24032 advisory. - Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for...

5.5 CVSS, 6 AI score, 0.00431 EPSS
Exploits: 1, References: 2

BDU FSTEC
added 2024/12/02 12:0 a.m., 1 views

The vulnerability of the deployment and model management software for deep learning in the Intel Distribution of OpenVINO Model Server lies in insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of the deployment and model management software for deep learning in the Intel Distribution of OpenVINO Model Server is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to cause service failures...

6.5 CVSS, 5.5 AI score, 0.00285 EPSS
Exploits: 0, References: 3, Affected Software: 1

Wired Threat Level
added 2024/11/29 10:30 a.m., 8 views

The US Army's Vision of Soldiers in Exoskeletons Lives On

Following decades of failed attempts and dashed dreams, the US Army is once again trying out powered exoskeletons to help soldiers haul munitions and equipment in the field...

7.3 AI score
Exploits: 0

OSV
added 2024/11/27 2:15 p.m., 3 views

CVE-2024-53635

A Reflected Cross Site Scripting XSS vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter...

4.8 CVSS, 6.1 AI score, 0.00473 EPSS
Exploits: 1, References: 1

OSV
added 2024/11/27 2:15 p.m., 3 views

CVE-2024-53604

A SQL Injection vulnerability was found in /covid-tms/checkavailability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter...

9.8 CVSS, 6.2 AI score, 0.00978 EPSS
Exploits: 1, References: 1

NVD
added 2024/11/27 2:15 p.m., 29 views

CVE-2024-53604

A SQL Injection vulnerability was found in /covid-tms/checkavailability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter...

9.8 CVSS, 0.00978 EPSS
Exploits: 1, References: 1

OSV
added 2024/11/27 2:15 p.m., 2 views

CVE-2024-53603

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter...

7.3 CVSS, 6.2 AI score, 0.00724 EPSS
Exploits: 1, References: 1

NVD
added 2024/11/27 2:15 p.m., 14 views

CVE-2024-53603

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter...

7.3 CVSS, 0.00724 EPSS
Exploits: 1, References: 1

OSSF Malicious Packages
added 2024/11/27 12:19 a.m., 3 views

Malicious code in testing-react-jsme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1afdc8edc54b4a548142322d4eec45d5780ed57cab7a5228df0b0fdaa84ff61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2024/11/27 12:19 a.m., 9 views

MAL-2024-11012 Malicious code in testing-react-jsme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1afdc8edc54b4a548142322d4eec45d5780ed57cab7a5228df0b0fdaa84ff61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

Cvelist
added 2024/11/27 12:0 a.m., 11 views

CVE-2024-53635

A Reflected Cross Site Scripting XSS vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter...

0.00473 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/11/27 12:0 a.m., 11 views

CVE-2024-53603

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter...

9.2 AI score, 0.00724 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/11/27 12:0 a.m., 1 views

PHPGurukul COVID 19 Testing Management System security vulnerability

PHPGurukul COVID 19 Testing Management System is a COVID 19 Testing Management System from PHPGurukul Inc. A security vulnerability exists in PHPGurukul COVID 19 Testing Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary code...

9.8 CVSS, 8.7 AI score, 0.00978 EPSS
Exploits: 1, References: 1