3668 matches found
CVE-2023-45130
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2023-45130 issue where, prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, invoking opcode SUICIDE on a contract that has large storage can trigger a single IO call across the WebAssembly boundary to remove all storages, potenti...
CVE-2023-45130 Frontier opcode SUICIDE touches too many storage values on large contracts
Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses storage::remove_prefix (now renamed to storage::clear_prefix) to remove all storage...
K000137204: Intel BIOS vulnerability CVE-2022-43505
Security Advisory Description Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2022-43505 Impact This vulnerability may allow a privileged user to potentially enable...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
CVE-2023-4911 - Looney Tunables This is a atm very rough pr...
Application allows excessively long password value
Description Vrite v0.2.0 allows excessively long passwords to be set for user accounts, which introduces several issues and challenges, primarily related to performance, storage, and compatibility. Proof of Concept 1. Make a user profile in the app. 2. Go to settings security Change password. 3. I...
SUSE-SU-2023:3876-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2023-20897: Do not fail on bad message pack message bsc1213441 CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948...
[SECURITY] Fedora 37 Update: xrdp-0.9.23-1.fc37
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...
Exploit for Code Injection in Apache Commons_Text
Quickstart bash sudo apt install golang To run like...
Fedora 38 : php-phpmailer6 (2023-e51479556c)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e51479556c advisory. Minor security note The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input ...
Deployment issues with chains not compatible with Shanghai hardfork
Lines of code Vulnerability details Impact Besides issues with deployment & maintenance contracts; A Big Issues is quoted below from an audit finding... "This could also become a problem if different versions of Solidity are used to compile contracts for different chains. The differences in byteco...
Agent Backup Job Fails With "Veeam Backup and Replication version is not compatible with Veeam Agent for Windows"
Challenge After upgrading Veeam Agent for Microsoft Windows, the backup job fails to run and displays the error message: Error: Managed session has failed: Veeam Backup and Replication version is not compatible with Veeam Agent for Windows. Cause This error occurs when the version of Veeam Agent...
BELL-CVE-2016-9444 CVE-2016-9444 does not affect BellSoft software
Bulletin has no description...
Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
Description The plugin does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. PoC NOTE: Because of an error in this version of the plugin, the following POC only works on PHP versions previous to 8.0. 1. As an...
SUSE-SU-2023:3474-1 Recommended update for SUSE Manager Server 4.2
This update fixes the following issues: hub-xmlrpc-api: - Security fix: CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. bsc1213880 + There are no direct source changes. The...
VMware Cloud Director 10.5 Partial Compatibility Patch
Intended Audience This hotfix is intended for customers who upgraded to VMware Cloud Director 10.5 and found that backup operations were impacted. Customers who have not yet upgraded to VMware Cloud Director 10.5 are advised to wait for full Cloud Director 10.5 support, which will be available in...
GHSA-JCF2-MXR2-GMQP OpenFGA Authorization Bypass
Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. This means that the API sometimes returns more objects than it should. Am I Affected? The vulnerability affects customers using ListObjects with specific models. The...
SUSE-SU-2023:3375-1 Security update for evolution
This update for evolution fixes the following issues: - CVE-2020-11879: Fixed issue where websites can attach local files to emails by using a proprietary parameter without warning the user bsc1169843. - Fix some warnings with newer WebKit - Handle frame flattening change in WebKitGTK 2.40...
Update from 12.1 to 13.x getting Cannot Complete Request / gateway plug-in for java is not supported
When upgrading from version 12.1 to 13.0 and get "Cannot complete request" through NetScaler...
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package APK files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on t...
SAP Host Agent Information Disclosure Vulnerability (CNVD-2023-65176)
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authenticatio...