7.4AI Score
tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new() vulnerable to a slow-loris DoS attack. rust /// Default...
7.5CVSS
7AI Score
0.0004EPSS
tls-listener affected by the slow loris vulnerability with default configuration
Summary With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. Details The default configuration options make any public service using TlsListener::new() vulnerable to a slow-loris DoS attack. rust /// Default...
7.5CVSS
6.8AI Score
0.0004EPSS
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
7AI Score
0.963EPSS
9.8CVSS
7.4AI Score
0.963EPSS
9.8CVSS
7AI Score
EPSS
7.4AI Score
7.4AI Score
9.8CVSS
7.4AI Score
0.001EPSS
Schneider Electric EcoStruxure Power Design
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3....
7.8CVSS
7.8AI Score
0.001EPSS
7.4AI Score
9.8CVSS
10AI Score
0.001EPSS
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit
NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site....
7.1AI Score
0.002EPSS
7.4AI Score
9.8CVSS
8AI Score
0.001EPSS
7.4AI Score
7.4AI Score
0.002EPSS
7.4AI Score
Test and evaluate your WAF before hackers
Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...
6.6AI Score
7.4AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.006EPSS
9.8CVSS
7.4AI Score
0.006EPSS
Exploit for Use After Free in Linux Linux Kernel
Demonstration that Claude 3 Opus does not understand...
7.9AI Score
6.6AI Score
EPSS
9.8CVSS
9.7AI Score
EPSS
Nomore403 - Tool To Bypass 403/40X Response Codes
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...
7.4AI Score
VMware ESXi 7.0 / 8.0 Multiple Vulnerabilities (VMSA-2024-0006)
The version of VMware ESXi installed on the remote host is prior to 7.0 Update 3p, 8.0 prior to 8.0 Update 1d, or 8.0 prior to 8.0 Update 2b. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2024-0006 advisory: VMware ESXi, Workstation, and Fusion contain a...
9.3CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
6.5AI Score
0.0004EPSS
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 (i.e., long long) arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
9CVSS
6.5AI Score
0.003EPSS
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.cc#L70-L76). An.....
7.1CVSS
6.8AI Score
0.0004EPSS
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L24-L27). An attacker...
7.1CVSS
7AI Score
0.0004EPSS
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...
5.5CVSS
6.5AI Score
0.0004EPSS
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a size_t. An attacker can control model inputs such thatcomputed_sizeoverflows the.....
8.8CVSS
6.9AI Score
0.005EPSS
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow...
6.5CVSS
6.6AI Score
0.002EPSS
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., CHECK_LT, CHECK_GT, etc.) have an incorrect logic when comparing size_t and int values. Due to type conversion rules, several.....
5.5CVSS
6.6AI Score
0.001EPSS
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32....
7.5CVSS
7.4AI Score
0.006EPSS
BIT-postgresql-jdbc-driver-2022-41946
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatemet.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file...
5.5CVSS
5.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
7AI Score
0.0004EPSS
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
9.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...
6.5AI Score
0.0004EPSS
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
6.8AI Score
In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b ("veth: allow enabling NAPI even without XDP"), if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...
6.5AI Score
0.0004EPSS
eth-abi is vulnerable to recursive DoS
This is related to recent ZST stuff (https://github.com/ethereum/eth-abi/security/advisories/GHSA-rqr8-pxh7-cq3g), but it's a different one. Basically a recursive pointer issue ```py from eth_abi import decode payload =...
7AI Score
eth-abi is vulnerable to recursive DoS
This is related to recent ZST stuff (https://github.com/ethereum/eth-abi/security/advisories/GHSA-rqr8-pxh7-cq3g), but it's a different one. Basically a recursive pointer issue ```py from eth_abi import decode payload =...
7AI Score
7.4AI Score