762 matches found
virt:kvm_utils security update
libvirt 5.7.0-34.el8 - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy Peter Krempa Orabug: 33091019 - qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_SNAPSHOT_ALLOW_WRITE_ONLY Peter Krempa Orabug: 33091019 - qemuDomainBlockCopyCommon: Record updated flags to block job Peter...
delegate modifies old checkpoint
Lines of code Vulnerability details Impact VoteEscrow tokens are used as voting tokens for a GovernorAlpha governance. It shouldn't be possible to modify an old meaning for blocks older than block.number checkpoint, otherwise it's possible to buy tokens just to vote for a proposal and then sell...
libvirt libvirt-python security update
libvirt 5.7.0-34.el7 - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy Peter Krempa Orabug: 33091019 - qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_SNAPSHOT_ALLOW_WRITE_ONLY Peter Krempa Orabug: 33091019 - qemuDomainBlockCopyCommon: Record updated flags to block job Peter...
MAL-2022-1329 Malicious code in azure-eventhubs-checkpointstore-blob (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446f07ebe7277743c5b75edd4e41ddee867b36339feabc5d6040ae83fb8c8ea8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
In gauge, checkpoint.voted is incorrectly copied from previous checkpoint (always false in new checkpoint)
Lines of code Vulnerability details Impact When a user interacts with a gauge and a new balance checkpoint is created in storage of this gauge, then checkpoint.voted for this new checkpoint is always false. Unless users are aware of this bug and call voter.poke after each interaction with the gau...
User rewards stop accruing after any _writeCheckpoint calling action
Lines of code Vulnerability details Any user balance affecting action, i.e. deposit, withdraw/withdrawToken or getReward, calls _writeCheckpoint to update the balance records used for the earned reward estimation. The issue is that _writeCheckpoint always sets the voted flag to false for each new...
jigawatts bug fix and enhancement update
An update is available for jigawatts. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Jigawatts is a new package introduced in Rocky Linux 8.5 & 9.0 to facilitat...
cockpit security, bug fix, and enhancement update
264.1-1.0.1 - Remove duplicate reference to server in cockpit Orabug: 33862832 - Update documentation links Orabug: 32795691 - Make documentation links point to Oracle Linux information Orabug: 30271413 Orabug: 32013095 - Fix rendering of hwinfo page on systems with some empty memory slots Orabug...
Vulnerability fixed in Check Point Endpoint Security Client
Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...
CVE-2022-23742
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...
Cisco RCM for Cisco StarOS Software Denial-of-Service Vulnerability
Cisco RCM for Cisco StarOS Software contains a denial-of-service vulnerability that could be exploited to cause the checkpoint manager process to restart upon receipt of malformed TCP data...
CVE-2022-20750
A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to...
Input validation
A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to...
Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability
A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to...
Cisco StarOS Input Validation Error Vulnerability
Cisco RCM for Cisco StarOS Software contains a denial-of-service vulnerability that could be exploited to cause the checkpoint manager process to restart upon receipt of malformed TCP data...
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
Rockwell Automation Allen-Bradley PowerMonitor 1000 Improper Neutralization of Input During Web Page Generation (CVE-2018-19615)
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228-Advisories Please open Issues to include an adv...
Google TensorFlow Data Falsification Issue Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a data forgery vulnerability that stems from a lack of validation of invalid file formats in the checkpoint loading infrastructure, which can be exploited by an...
`ERC20ConvictionScore._writeCheckpoint` does not write to storage on same block
Handle cmichel Vulnerability details In ERC20ConvictionScore._writeCheckpoint, when the checkpoint is overwritten (checkpoint.fromBlock == blockNumber), the new value is set to the memory checkpoint structure and never written to storage. // @audit this is MEMORY, setting new convictionScore doesn't...