
3670 matches found

Positive Technologies
added 2023/04/16 12:0 a.m. · 6 views

PT-2023-22769 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions prior to 4.8.3. Description: The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the...

8.8 CVSS · 8.6 AI score · 0.00584 EPSS
Exploits 0 · References 9

IBM Security Bulletins
added 2023/04/14 2:32 p.m. · 17 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Switches (CVE-2015-7575)

Summary: The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM BladeCenter Switches. Vulnerability Details: CVE-ID: CVE-2015-7575. Description: The TLS protocol could allow weaker than expected...

5.9 CVSS · 5.9 AI score · 0.0288 EPSS
Exploits 0 · Affected Software 4

IBM Security Bulletins
added 2023/04/14 2:32 p.m. · 52 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) (CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799)

Summary: OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Integrated Management Module (IMM), which has addressed the applicable CVEs. Vulnerability Details...

10 CVSS · 7.1 AI score · 0.82112 EPSS
Exploits 2

IBM Security Bulletins
added 2023/04/14 2:32 p.m. · 69 views

Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)

Summary: IBM Integrated Management Module (IMM) has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200. Description: lighttpd could...

7.5 CVSS · 7.5 AI score · 0.09978 EPSS
Exploits 1

Veeam
added 2023/04/14 12:0 a.m. · 35 views

StoreOnce and Veeam Immutability Compatibility

Challenge A backup job that targets an HPE StoreOnce Catalyst repository may display either of the following messages: In Veeam Backup & Replication 12.0, the job will fail and display the error: OSCLTERRIMMUTABLEEPOCHREQUESTEXCEEDSMAXIMUM. Err: -1817 In Veeam Backup & Replication 12.1, the job...

6.7 AI score
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/04/13 12:0 a.m. · 3 views

PT-2023-19582 · Wp Engine · Wp Engine Php Compatibility Checker

Name of the Vulnerable Software and Affected Versions: WP Engine PHP Compatibility Checker plugin versions = 1.5.2. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions...

8.8 CVSS · 8.8 AI score · 0.00271 EPSS
Exploits 0 · References 5

Metasploit
added 2023/04/12 7:43 p.m. · 150 views

Python Exec, Command Shell, Reverse SCTP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf...

7.1 AI score
Exploits 0

OSV
added 2023/04/11 12:40 p.m. · 7 views

SUSE-SU-2023:1814-1 Security update for podman

This update for podman fixes the following issues: Update to version 4.4.4: libpod: always use direct mapping macos pkginstaller: do not fail when podman-mac-helper fails podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common...

6.8 CVSS · 6.8 AI score · 0.00541 EPSS
Exploits 0 · References 6

OSV
added 2023/04/11 7:7 a.m. · 3 views

OPENSUSE-SU-2023:0087-1 Security update for seamonkey

SeaMonkey was updated to 2.53.16: No throbber in plaintext editor bug 85498. Remove unused gridlines class from EdAdvancedEdit bug 1806632. Remove ESR 91 links from debugQA bug 1804534. Rename devtools/shim to devtools/startup bug 1812367. Remove unused seltype=text|cell css bug 1806653. Implemen...

7.2 AI score
Exploits 0 · References 1

Microsoft KB
added 2023/04/11 7:0 a.m. · 174 views

April 11, 2023—KB5025239 (OS Build 22621.1555)

April 11, 2023—KB5025239 (OS Build 22621.1555). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note: Follow @WindowsUpdate to find out...

9.8 CVSS · 7.7 AI score · 0.95454 EPSS
Exploits 23

Microsoft KB
added 2023/04/11 7:0 a.m. · 1668 views

April 11, 2023—KB5025228 (OS Build 14393.5850) - EXPIRED

April 11, 2023—KB5025228 (OS Build 14393.5850) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

9.8 CVSS · 7 AI score · 0.93559 EPSS
Exploits 15

Microsoft KB
added 2023/04/11 7:0 a.m. · 137 views

April 11, 2023—KB5025224 (OS Build 22000.1817)

April 11, 2023—KB5025224 (OS Build 22000.1817). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to find out...

9.8 CVSS · 7.5 AI score · 0.95454 EPSS
Exploits 31

Microsoft KB
added 2023/04/11 7:0 a.m. · 98 views

April 11, 2023—KB5025234 (OS Build 10240.19869) - EXPIRED

April 11, 2023—KB5025234 (OS Build 10240.19869) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

9.8 CVSS · 7 AI score · 0.95454 EPSS
Exploits 22

WPVulnDB
added 2023/04/06 12:0 a.m. · 13 views

PHP Compatibility Checker < 1.6.0 - Cross-Site Request Forgery

The plugin does not adequately protect against Cross-Site Request Forgery (CSRF), making it possible to force unsuspecting users to perform actions without their consent...

8.8 CVSS · 6.7 AI score · 0.00271 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2023/04/06 12:0 a.m. · 13 views

WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: PHP Compatibility Checker. Type: Plugin. Vulnerable versions: <= 1.5.2. Fixed in: 1.6.0. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-24421. Patch priority: Low. CVSS severity: Low (5.4). PSID: 89ba6e7a3219. Credits: Mika...

8.8 CVSS · 7 AI score · 0.00271 EPSS
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2023/04/05 1:50 p.m. · 2 views

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

7.9 CVSS · 6.6 AI score · 0.03702 EPSS
Exploits 0 · References 6

OSV
added 2023/03/30 1:23 p.m. · 4 views

SUSE-SU-2023:1702-1 Security update for shim

This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe...

7.8 CVSS · 8.3 AI score · 0.00332 EPSS
Exploits 0 · References 13

IBM Security Bulletins
added 2023/03/25 12:48 a.m. · 50 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects TS3100/TS3200. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...

4.3 CVSS · 3.8 AI score · 0.9986 EPSS
Exploits 0 · Affected Software 1

Filippo.io
added 2023/03/23 5:0 p.m. · 23 views

Planning Go 1.21 Cryptography Work

As most of you are tired to hear by now, I am a professional, full-time open-source maintainer, and a lot of my time is spent maintaining the Go cryptography standard libraries. Go's development follows a fixed calendar with two development windows and two releases every year. I try to write abou...

7.2 AI score
Exploits 0

NVD
added 2023/03/22 9:15 p.m. · 15 views

CVE-2023-28431

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

7.5 CVSS · 7.3 AI score · 0.0088 EPSS
Exploits 0 · References 4