PT-2024-7993 · F5 +1 · F5 Networks +1

Name of the Vulnerable Software and Affected Versions: NGINX OpenID Connect affected versions not specified F5 Networks affected versions not specified Description: A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login...

Marvin Attack: potential key recovery through timing sidechannels

The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...

Unprotected initialize functions can front-run by MEV or by an Attacker

Lines of code Vulnerability details Vulnerability Detail It should be avoided that the implementation of proxy contracts can be initialized by third parties. This can be the case if the initialize function is unprotected. Since the implementation contract is not meant to be used directly without ...

Directory traversal

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...

Any file can be included with the pymdown-snippets extension

Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...

Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a...

CVE-2018-5258

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate...

Over 1 Billion Mobile App Accounts can be Hijacked Remotely with this Simple Hack

Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim. A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chine...

FreeBSD 3.4 NetBSD 1.4.1 OpenBSD 2.6 - proc FileSystem

FreeBSD 3.4 NetBSD 1.4.1 OpenBSD 2.6 - proc FileSystem // source: https://www.securityfocus.com/bid/940/info Certain BSD derivative operating systems use an implantation of the /proc filesystem which is vulnerable to attack from malicious local users. This attack will gain the user root access to...