π¨ CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
π@cveNotify
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
π@cveNotify
GitHub
setuptools/setuptools/package_index.py at fe8a98e696241487ba6ac9f91faa38ade939ec5d Β· pypa/setuptools
Official project repository for the Setuptools build system - pypa/setuptools
π¨ CVE-2022-3863
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
π@cveNotify
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 100.0.4896.75 for Windows, Mac and Linux which will roll out over the coming days/weeks. The Extended...
π¨ CVE-2022-26699
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.
π@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.
π@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
π¨ CVE-2022-35205
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
π@cveNotify
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
π@cveNotify
π¨ CVE-2023-28407
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-00955
π¨ CVE-2024-22526
Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.
π@cveNotify
Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.
π@cveNotify
Gist
CVE-2024-22526 ZeroPointer DongHa Lee
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2022-32503
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1.
π@cveNotify
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to this JTAG port may be able to connect to the device and bypass both hardware and software security protections. This affects Nuki Keypad before 1.9.2 and Nuki Fob before 1.8.1.
π@cveNotify
LHN
Multiple Security Flaws Found In Nuki Smart Locks
Researchers found numerous security flaws in various Nuki Smart locks. Exploiting the vulnerabilities could affect the smart locksβ confidentiality, integrity, and availability. Nuki Smart Locks Flaws According to an advisory from the NCC Group, their researchersβ¦
π¨ CVE-2024-27839
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
π@cveNotify
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-05-13-2024-2 iOS 17.5 and iPadOS 17.5
π¨ CVE-2024-32615
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
π@cveNotify
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
π@cveNotify
The HDF Group - ensuring long-term access and usability of HDF data and supporting users of HDF technologies
New HDF5 CVE Issues (Fixed in 1.14.4) - The HDF Group - ensuring long-term access and usability of HDF data and supporting usersβ¦
Several new HDF5 CVE issues have been filed in MITRE and these should be released to the public sometime in the next few weeks. They are all fixed in HDF5 1.14.4 (released April 15, 2024) and no MITRE CVE issues are unaddressed.
π¨ CVE-2024-34199
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
π@cveNotify
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
π@cveNotify
GitHub
GitHub - DMCERTCE/PoC_Tiny_Overflow: Proof-of-concept for overflow and resulting memory leak in TinyWeb 1.94
Proof-of-concept for overflow and resulting memory leak in TinyWeb 1.94 - DMCERTCE/PoC_Tiny_Overflow
π¨ CVE-2024-34200
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
π@cveNotify
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
π@cveNotify
GitHub
IOTVuln/CP450/setIpQosRules at main Β· n0wstr/IOTVuln
Contribute to n0wstr/IOTVuln development by creating an account on GitHub.
π¨ CVE-2024-34221
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
π@cveNotify
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
π@cveNotify
GitHub
GitHub - dovankha/CVE-2024-34221: CVE-2024-34221 | Insecure pemission
CVE-2024-34221 | Insecure pemission. Contribute to dovankha/CVE-2024-34221 development by creating an account on GitHub.
π¨ CVE-2024-34974
Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.
π@cveNotify
Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter.
π@cveNotify
GitHub
Vullnfo/Tenda/AC18/formSetPPTPServer at main Β· hunzi0/Vullnfo
My cve. Contribute to hunzi0/Vullnfo development by creating an account on GitHub.
π¨ CVE-2024-34950
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
π@cveNotify
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
π@cveNotify
dear-sunshine-ba5 on Notion
D-Link DIR-822+ v1.0.5 Stack Overflow | Notion
Discoverer
π¨ CVE-2023-25951
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2023-26586
Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2023-28374
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2023-28720
Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access..
π@cveNotify
Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access..
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2023-32642
Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2023-32651
Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
π@cveNotify
Intel
INTEL-SA-00947
π¨ CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
π@cveNotify
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
π@cveNotify