7411 matches found
CVE-2024-52524 ReDoS in Giskard Scan text perturbation
Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution ReDoS vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
Usage: python3 cve-2022-42475.py rhost rport lhost lport Exempl...
5 BCDR Oversights That Leave You Exposed to Ransomware
Ransomware isn't just a buzzword; it's one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving...
[SECURITY] Fedora 40 Update: python3.6-3.6.15-38.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Fedora 37 : mediawiki / php-oojs-oojs-ui / php-wikimedia-assert / etc (2022-ea159a2ec4)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-ea159a2ec4 advisory. https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/thread/DMQKMFSH4K7KLBXWZTDBGI2PWLLHJHJZ/...
Fedora 41 : chromium (2024-e109b67926)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e109b67926 advisory. update to 128.0.6613.119 High CVE-2024-8362: Use after free in WebAudio High CVE-2024-7970: Out of bounds write in V8 Tenable has extracted the...
Fedora 38 : capnproto / fastnetmon / librime / rr / sonic-visualiser (2022-ef11bad952)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-ef11bad952 advisory. Update capnproto to version 0.10.3 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAM...
Fedora 37 : python3.8 (2022-94bee848e6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-94bee848e6 advisory. The release you're looking at is Python 3.8.15, a security bugfix release for the legacy 3.8 series...
Fedora 37 : qemu (2022-920db25f88)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-920db25f88 advisory. Automatic update for qemu-6.2.0-5.fc37. Changelog Thu Feb 10 2022 Cole Robinson - 6.2.0-5 - Split out qemu-virtiofsd subpackage Wed Feb 9 2022 Eduar...
Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...
DNA testing company vanishes along with its customers’ genetic data
DEBIAN-CVE-2024-50226
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown. In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port/bus device had been...
CBL Mariner 2.0 Security Update: mysql (CVE-2024-2410)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2410 advisory. - The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON...
CVE-2024-50175
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming. The use_count check was introduced so that multiple concurrent Raw Data Interfaces (RDIs) could be driven by different virtual channels (VCs) on the CSIPHY input driving the...
FreeBSD : electron32 -- multiple vulnerabilities (96266fc9-1200-43b5-8393-4c51f54bb7bc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 96266fc9-1200-43b5-8393-4c51f54bb7bc advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
EulerOS 2.0 SP9 : gtk3 (EulerOS-SA-2024-2831)
According to the versions of the gtk3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current...
CVE-2024-50146
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure. When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup...
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability...
Online Shopping Portal html_table.php File Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...
Online Shopping Portal dymanic_table.php File Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...