Monthly
Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.
Management daemon deadlock in Juniper Networks Junos OS 23.4-24.4 and Junos OS Evolved enables network-based authenticated attackers to trigger complete management plane denial-of-service via rapid NETCONF session cycling. Vulnerability causes mgd processes to hang in lockf state, exhausting process pool and preventing administrative logins. Recovery requires device power-cycle. Affects deployments using NETCONF management interface with authenticated remote users. No public exploit identified at time of analysis.
In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.
Management daemon deadlock in Juniper Networks Junos OS 23.4-24.4 and Junos OS Evolved enables network-based authenticated attackers to trigger complete management plane denial-of-service via rapid NETCONF session cycling. Vulnerability causes mgd processes to hang in lockf state, exhausting process pool and preventing administrative logins. Recovery requires device power-cycle. Affects deployments using NETCONF management interface with authenticated remote users. No public exploit identified at time of analysis.
In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.