764 matches found

GithubExploit
added 2024/02/16 3:17 p.m., 696 views

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...

9.8 CVSS, 10 AI score, 0.92962 EPSS
Exploits: 22
Code423n4
added 2024/01/08 12:0 a.m., 11 views

Frequent donations can cause DOS

Lines of code. Vulnerability details. Impact: Users might be unable to withdraw pending rewards. Proof of Concept: If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. function checkpoint external returns bo...

6.9 AI score
Exploits: 0
Prion
added 2023/12/31 6:15 p.m., 12 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP: from n/a through 7.1.9.6...

7.5 CVSS, 7.9 AI score, 0.00147 EPSS
Exploits: 0, References: 1, Affected Software: 1
Spring Engineering
added 2023/11/21 12:0 a.m., 7 views

This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023

Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...

7.2 AI score
Exploits: 0
NCSC
added 2023/11/13 12:0 a.m., 2 views

Vulnerability fixed in Checkpoint Endpoint Security

Checkpoint has fixed a vulnerability in Endpoint Security. A local malicious party could exploit the vulnerability to grant themselves elevated privileges and execute code, potentially with SYSTEM privileges. Checkpoint has released updates to fix the vulnerability in Endpoint Security...

7.8 CVSS, 7.1 AI score, 0.00043 EPSS
Exploits: 0
Github Security Blog
added 2023/11/08 9:30 a.m., 30 views

Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects...

8.8 CVSS, 8.6 AI score, 0.00415 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/11/08 9:30 a.m., 23 views

GHSA-5R8J-QMCM-7G7Q Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects...

8.8 CVSS, 8.6 AI score, 0.00415 EPSS
Exploits: 0, References: 5
Prion
added 2023/11/08 8:15 a.m., 21 views

Deserialization of untrusted data

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

6.5 CVSS, 7.1 AI score, 0.00415 EPSS
Exploits: 0, References: 2, Affected Software: 1
Spring Engineering
added 2023/10/16 12:0 a.m., 18 views

Runtime efficiency with Spring (today and tomorrow)

With Spring Framework 6.1 and Spring Boot 3.2 general availability approaching, we would like to share an overview about several efforts the Spring team is pursuing to allow developers to optimize the runtime efficiency of their applications. We are going to cover the following technologies and u...

6.6 AI score
Exploits: 0
Oracle linux
added 2023/10/13 12:0 a.m., 44 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.324.5.3.el7 - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' Sherry Yang Orabug: 35896102 5.4.17-2136.324.5.2.el7 - fix breakage in dormdir Al Viro Orabug: 35885837 5.4.17-2136.324.5.1.el7 - x86: KVM: SVM: always update the x2avic msr interception...

1.7 CVSS, 7.5 AI score, 0.04259 EPSS
Exploits: 2
Trellix
added 2023/10/09 12:0 a.m., 22 views

Rhysida Ransomware

Rhysida Ransomware By Alexandre Mundo, Max Kersten, and Leandro Velasco · October 9, 2023 New ransomware victims are made every day by ransom gangs with a variety of ransomware malware families, one of which is the Rhysida ransomware family. Within this blog, an anonymised version of an attack by...

7.2 AI score
Exploits: 0
Code423n4
added 2023/09/20 12:0 a.m., 6 views

Upgraded Q -> 2 from #86 [1695205999296]

Judge has assessed an item in Issue 86 as 2 risk. The relevant finding follows: QA-02. BondingManager.withdrawFees doesn’t create checkpoint

7 AI score
Exploits: 0
Rockylinux
added 2023/08/31 4:55 p.m., 23 views

criu bug fix and enhancement update

An update is available for criu. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The criu packages provide the Checkpoint/Restore in User Space (CRIU) function,...

6.7 AI score
Exploits: 0
Rockylinux
added 2023/08/31 4:54 p.m., 14 views

container-tools:rhel8 bug fix and enhancement update

An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...

6.8 AI score
Exploits: 0
Code423n4
added 2023/08/10 12:0 a.m., 6 views

Contrary to sponsor's intent, the gauge's weight will not be updated properly if governance do not change weight before any voting

Lines of code. Vulnerability details. Impact: This is the intended procedure based on Sponsor's answer in discord: Q: when we add new gauge we don't set any weight point or any data for it, did the new gauge will get the weight and power by time when users vote for it ?! A: Yes, the idea is that the...

6.9 AI score
Exploits: 0
Code423n4
added 2023/08/03 12:0 a.m., 15 views

ConvexStakingWrapper.sol after shutdown,rewards can be steal

Lines of code. Vulnerability details. Impact: After shutdown, checkpoints are stopped, leading to possible theft of rewards. Proof of Concept: ConvexStakingWrapper No more checkpoints after shutdown, i.e. no updates reward.rewardintegralforuser function beforeTokenTransfer address from, address to,...

7 AI score
Exploits: 0
OSV
added 2023/07/23 10:15 a.m., 1 views

CVE-2023-28133

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

7.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
Oracle linux
added 2023/07/20 12:0 a.m., 34 views

pcs security update

0.11.4-7 - Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command - Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1 - Fixed loading of cluster status in the web interface when fencing levels are configured -...

9.8 CVSS, 7.1 AI score, 0.01982 EPSS
Exploits: 0
Code423n4
added 2023/07/13 12:0 a.m., 8 views

The fork escrow voting should use the snapshot mechanism to save whether the current DAO state reaches the fork threshold

Lines of code. Vulnerability details. Impact: The fork escrow vote does not use the snapshot mechanism or checkpoint mechanism to save whether the current DAO state reaches the fork threshold, which may cause the timing of the fork to be missed. Proof of Concept: Suppose the following scenario: 1. Wh...

7 AI score
Exploits: 0
Code423n4
added 2023/06/21 12:0 a.m., 9 views

User who stakes into StRSRVotes doesn't have any voting power

Lines of code. Vulnerability details. Impact: A user who stakes into StRSRVotes doesn't have any voting power. This is not intuitively clear, and a user who thinks that he can vote will actually not be able to until he delegates votes to himself. Proof of Concept: StRSRVotes contract extends StRSR which h...

6.7 AI score
Exploits: 0