SA-2023-052 - SLP DoS Attack (CVE-2023-29552)
Summary The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a d...
Blog Articles
SA-2023-051 - vm2 sandbox bypass (CVE-2023-29017)
Summary vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. vm2 does not properly handle host objects passed to `Error.prepareStackTrace` in case of unhandled async ...
SA-2023-050 - FRRouting BGP out-of-bounds read (CVE-2022-43681)
Summary An out-of-bounds read exists in the BGP daemon of FRRouting FRR. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an exte...
- FredrikB-NN2 on: SA-2023-103 - Privilege escalation via Redis serve...
- ACollins on: SA-2023-091 - OpenSSH information leak (CVE-2020-1...
- CraigW on: SA-2023-023 - OpenSSL c_rehash script (CVE-2022-20...
- AntonioP on: Security Advisory - SA-2022-007 - TLS Heap Overflo...
-
SamPirok
on:
Security Advisory: SA-2022-004 – Spring Framework
- Danny_Schaper on: Security Advisory - SA-2022-003 - "Spring4Shell" (...
- StephanH on: Vulnerability Notice VN-2021-460- "FragAttacks" Wi...
