UBUNTU-CVE-2024-0749

A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox 122 and Thunderbird 115.7...

The vulnerability of the Foundation component of the macOS operating system, which allows a hacker to disclose protected information

The vulnerability of the Foundation component of the macOS operating system is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVE-2024-21597

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric AF scenario if routing-instances RI are...

CVE-2024-21597

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric AF scenario if routing-instances RI are...

Design/Logic Flaw

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric AF scenario if routing-instances RI are...

CVE-2024-21597 Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric AF scenario if routing-instances RI are...

CVE-2024-21597 Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric AF scenario if routing-instances RI are...

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that originates from a resource exposure to the wrong...

dotnet: X509 Certificates - Validation Bypass across Azure

A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...

PT-2024-1131 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on MX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on MX Series version 21.2 versions earlier than 21.2R3-S3 Juniper Networks Junos OS on MX Series version 21.4 versions earlier than 21.4R3-S5...

Rust EVM Security Vulnerability

Rust EVM is an Ethernet virtual machine interpreter. A security vulnerability exists in Rust EVM 0.41.0 and earlier versions, which stems from the recordexternaloperation function falsely interacting with the stack, resulting in the presence of incorrect return values...

Fedora 39 : python3.10 (2023-c61a7d5227)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c61a7d5227 advisory. Security fix for CVE-2023-27043. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Red Hat Undertow Security Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for Wildfly Java Application Server. Red Hat Undertow suffers from a security vulnerability that stems from the fact that when an AJP request is sent and no AJP response is received, and the TCP...

SoftIron HyperCloud Security Vulnerability

SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions prior to 2.0.0 to 2.0.3, which stems from the fact that compute nodes can come online without being properly initialized, resulting in workloads being deployed t...

CVE-2023-32857

In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710...

Confluence XHR requests have the wrong content type

h3. Problem Watching or Stop watching a Confluence page and other operations see below list of identified endpoints will generate a request like the one below copied as curl from HAR capture for convenience: code:java curl 'https://confluence/rest/api/user/watch/content/9999999' \ -X 'DELETE' \ -...

wrong implementation cause unfair distribution

Lines of code Vulnerability details Impact wrong implementation cause unfair fee distribution among sharesHolder Proof of Concept In sell and mintNFt ,tokensInCirculation and tokens owned by address is deducted only after split fee is happened .To be fair , user should not get fee from tokens tha...

Lost fees

Lines of code Vulnerability details Impact Buyers do not get any split of the fees. It is instead to be distributed to holders. But holder splits on successive buys are partially lost to the contract and cannot be recovered. Proof of concept The buyer's rewardsLastClaimedValueidmsg.sender is...

D.O.S due to wrong scaling factor

Lines of code Vulnerability details Impact The cNote token which is a fork of the CToken contract has a scaling method used to handle the exchange rate between CToken and the underlying token. This method helps scale the exchange rate because solidity doesn't handle fixed-point decimals. The...

SiYuan Notes Software Web App is a privacy-first personal knowledge management system that supports full offline use as well as end-to-end encrypted synchronization. Yunnan ChainDrop Technology Co., Ltd. has an XSS vulnerability in the Siyuan Notes Software Web application, which can be exploited by attackers to obtain sensitive information such as user cookies.

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow HDFS Provider, which stems...