21 matches found

RedhatCVE
added 2025/05/23 2:1 a.m. | 3 views

CVE-2023-42460

Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode function does not validate input when it is nested in an expression. Uses of _abi_decode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVSS 7.5 | AI score 6.8 | EPSS 0.00048
Exploits: 1 | References: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVSS 5.3 | AI score 6.7 | EPSS 0.00241
Exploits: 1 | References: 4
IBM Security Bulletins
added 2025/02/26 6:46 p.m. | 15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module. Vulnerability Details: CVEID: CVE-2024-42461. DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...

CVSS 9.1 | AI score 6 | EPSS 0.02898
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2025/02/10 2:33 p.m. | 24 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components, e.g., framework libraries, that could be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-42461. DESCRIPTION: Node.js...

CVSS 9.1 | AI score 9.2 | EPSS 0.09875
Exploits: 6 | Affected Software: 1
RedHat Linux
added 2024/11/21 11:23 p.m. | 27 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.8 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 9.1 | AI score 6.9 | EPSS 0.02898
Exploits: 2 | References: 2
RedHat Linux
added 2024/11/21 9:5 p.m. | 24 views

Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.8 bug fixes and container updates

Multicluster Engine for Kubernetes 2.3.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 9.1 | AI score 6.9 | EPSS 0.02898
Exploits: 2 | References: 1
SUSE CVE
added 2024/10/30 4:6 a.m. | 3 views

SUSE CVE-2024-42460

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVSS 5.3 | AI score 9.4 | EPSS 0.00241
Exploits: 1 | References: 4
RedHat Linux
added 2024/10/28 9:28 p.m. | 22 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.5 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.9.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 9.1 | AI score 6.9 | EPSS 0.02898
Exploits: 2 | References: 2
RedHat Linux
added 2024/09/17 7:47 p.m. | 29 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.5.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.5.7 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 9.1 | AI score 6.9 | EPSS 0.02898
Exploits: 2 | References: 5
Tenable Nessus
added 2024/09/12 12:0 a.m. | 23 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-42460)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42460 advisory. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing...

CVSS 5.3 | AI score 7.1 | EPSS 0.00241
Exploits: 1 | References: 2
CBLMariner
added 2024/09/03 11:12 a.m. | 13 views

CVE-2024-42460 affecting package reaper for versions less than 3.1.1-11

CVE-2024-42460 affecting package reaper for versions less than 3.1.1-11. A patched version of the package is available...

CVSS 5.3 | AI score 7 | EPSS 0.00241
Exploits: 1
RedHat Linux
added 2024/09/03 10:4 a.m. | 34 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update

Red Hat OpenShift Service Mesh Containers for 2.4.10 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.1 | AI score 6.7 | EPSS 0.04986
Exploits: 3 | References: 1
IBM Security Bulletins
added 2024/08/08 10:34 a.m. | 24 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to loss of confidentiality [CVE-2024-42459] [CVE-2024-42460] [CVE-2024-42461]

Summary: Node.js Elliptic module is used by IBM App Connect Enterprise Certified Container for encryption and signature validation in communication between a Dashboard and COS S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage for storing bar file...

CVSS 9.1 | AI score 5.3 | EPSS 0.02898
Exploits: 2 | Affected Software: 1
Circl
added 2024/08/02 9:50 a.m. | 1 views

CVE-2024-42460

creationtimestamp | type | source
---|---|---
2024-08-02 09:50:12+00:00 | seen | https://t.me/cvedetector/2331...

CVSS 5.3 | AI score 6.7 | EPSS 0.00241
Exploits: 1 | References: 1
vulnersOsv
added 2024/08/02 9:31 a.m. | 5 views

0x-relayer-cat (>=0.0.2 <=0.0.10), 0xauth (>=0.0.2 <=0.0.6) +8804 more potentially affected by CVE-2024-42460 via elliptic (>=2.0.2 <=6.5.6)

elliptic NPM version =2.0.2, =0.0.2, =0.0.2, =1.0.6, =0.0.1-beta.1, =1.0.0, =0.1.0, =0.0.92, =0.1.3, =4.2.1, =6.2.1, =6.2.4 and more Source cves: CVE-2024-42460 Source advisory: OSV:GHSA-977X-G7H5-7QGW...

CVSS 5.3 | AI score 6.7 | EPSS 0.00241
Exploits: 1
Circl
added 2023/09/27 6:36 p.m. | 0 views

CVE-2023-42460

creationtimestamp | type | source
---|---|---
2023-09-27 18:36:06+00:00 | seen | https://t.me/cibsecurity/71066...

CVSS 7.5 | AI score 7.3 | EPSS 0.00048
Exploits: 1 | References: 1
Vulnrichment
added 2023/09/26 6:47 p.m. | 14 views

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode function does not validate input when it is nested in an expression. Uses of _abi_decode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVSS 5.3 | AI score 6.8 | EPSS 0.00048
Exploits: 1 | References: 2
CVE
added 2023/09/26 6:47 p.m. | 53 views

CVE-2023-42460

CVE-2023-42460 affects Vyper (EVM Python-like language). The _abi_decode() function does not validate input when nested in an expression, enabling construction that bypasses bounds checking and may yield incorrect results. No exploitation details are provided in the documents, and the vulnerabili...

CVSS 7.5 | AI score 6.2 | EPSS 0.00048
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2022/11/10 10:15 p.m. | 6 views

CVE-2022-42460

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress...

CVSS 6.5 | EPSS 0.00191
Exploits: 0 | References: 2
CVE
added 2022/11/10 9:36 p.m. | 52 views

CVE-2022-42460

CVE-2022-42460 affects the WordPress Traffic Manager plugin up to version 1.4.5, with a Broken Access Control flaw that enables Stored Cross-Site Scripting (XSS). The root cause is insufficient access controls on the plugin, allowing stored payloads that can be executed in users with a range of p...

CVSS 6.5 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1