3670 matches found

Cvelist
added 2023/03/22 8:11 p.m., 26 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses the num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 7.5, AI score 7.5, EPSS 0.0088
Exploits 0, References 4
OSV
added 2023/03/22 8:11 p.m., 27 views

CVE-2023-28431 Frontier's modexp precompile is slow for even modulus

Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses the num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...

CVSS 7.5, AI score 7.2, EPSS 0.0088
Exploits 0, References 6
OSV
added 2023/03/20 3:09 p.m., 11 views

OPENSUSE-SU-2023:0077-1 Security update for python-Django

This update for python-Django fixes the following issues: CVE-2023-24580: Prevent DoS in file uploads (boo1208082). Update to 1.11.15: CVE-2018-14574: Fixed open redirect possibility in CommonMiddleware (boo1102680). Fixed WKBWriter.write and write_hex for empty polygons on GEOS 3.6.1+. Fixed a...

CVSS 7.8, AI score 7.9, EPSS 0.62575
Exploits 2, References 18
RedHat Linux
added 2023/03/20 9:15 a.m., 5 views

nodejs-handlebars: Remote code execution when compiling untrusted templates with the compat:true option

A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker who can provide untrusted Handlebars templates to execute arbitrary code in the JavaScript runtime (e.g. browser or server) when the template is compiled with the...

CVSS 9.8, AI score 7.1, EPSS 0.04506
Exploits 1, References 4
OSV
added 2023/03/17 11:05 a.m., 3 views

OESA-2023-1176 future security update

This package provides a compatibility layer for Python between its two major version releases. The future and past packages are both provided for backports and forward ports, so that a single, clean codebase can run under Python 3 environments easily. It also provides futurize...

CVSS 7.5, AI score 7.1, EPSS 0.01804
Exploits 1, References 2
RedHat Linux
added 2023/03/14 1:57 p.m., 5 views

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normally privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

CVSS 7.9, AI score 6.6, EPSS 0.03702
Exploits 0, References 6
OSV
added 2023/03/13 8:43 p.m., 22 views

GHSA-6Q4M-7476-932W github-slug-action vulnerable to arbitrary code execution

Impact: This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...

CVSS 8.8, AI score 8.9, EPSS 0.01576
Exploits 1, References 6
Fedora
added 2023/03/13 12:20 a.m., 28 views

[SECURITY] Fedora 38 Update: mingw-python-OWSLib-0.28.1-1.fc38

MinGW Windows Python OWSLib library...

CVSS 8.2, AI score 7.5, EPSS 0.00977
Exploits 0
Cvelist
added 2023/03/08 5:14 p.m., 50 views

CVE-2023-27898

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS)...

AI score 8.5, EPSS 0.0184
Exploits 0, References 1
OpenVAS
added 2023/03/08 12:00 a.m., 26 views

Debian: Security Advisory (DSA-2015-1)

The remote host is missing an update for the Debian ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)...

AI score 7.7
Exploits 0, References 3
OpenVAS
added 2023/03/08 12:00 a.m., 27 views

Debian: Security Advisory (DLA-359-1)

The remote host is missing an update for the Debian ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)...

CVSS 7.2, AI score 6.5, EPSS 0.30146
Exploits 6, References 2
Veeam
added 2023/03/08 12:00 a.m., 90 views

Veeam Backup for Microsoft 365 server license type is not compatible with Veeam ONE license type.

Challenge: When attempting to add Veeam Backup for Microsoft 365 to Veeam ONE, the connection fails with: Failed to connect to "". Veeam Backup for Microsoft 365 server license type is not compatible with Veeam One license type. Cause: As documented in the Veeam Backup for Microsoft 365 7 Release...

AI score 6.8
Exploits 0, Affected Software 2
OSV
added 2023/03/07 2:36 p.m., 3 views

GSD-2023-1002339 xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.12 by commit...

AI score 7.2
Exploits 0
Oracle linux
added 2023/03/01 12:00 a.m., 75 views

kernel security and bug fix update

5.14.0-162.18.11.OL9: Update Oracle Linux certificates (Kevin Lyons); Disable signing for aarch64 (Ilya Okomin); Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem (Orabug: 29539237); Update x509.genkey (Orabug: 24817676); Conflict with shim-ia32 and...

CVSS 7.8, AI score 7.2, EPSS 0.06346
Exploits 5
RedHat Linux
added 2023/02/28 3:48 p.m., 58 views

openstack-swift: Arbitrary file access through custom S3 XML entities

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

CVSS 6.5, AI score 5.8, EPSS 0.01001
Exploits 1, References 5
IBM Security Bulletins
added 2023/02/28 1:48 a.m., 102 views

Security Bulletin: Vulnerability in SSLv3 affects IBM SAN b-type switches and directors (CVE-2014-3566)

Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SAN b-type switches and directors. Vulnerability Details: CVE-ID: CVE-2014-3566. DESCRIPTION: Product could allow a remote attacker to obta...

CVSS 4.3, AI score 3.3, EPSS 0.99999
Exploits 6, Affected Software 7
Veeam
added 2023/02/22 12:00 a.m., 28 views

Task fails with "Repository is not compatible with Catalyst Store with fixed block setting enabled"

Challenge: A Veeam Backup & Replication job targeting a StoreOnce Repository backed by a Catalyst Store that has Fixed Block Chunking enabled fails with either of the following errors: Repository is not compatible with Catalyst Store with fixed block setting enabled. Error:...

AI score 6.8
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2023/02/21 7:11 p.m., 34 views

Security Bulletin: Vulnerabilities in jsonwebtoken affect IBM Watson Assistant for IBM Cloud Pak for Data

Summary: Potential vulnerabilities in jsonwebtoken have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2022-23541. DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

CVSS 8.1, AI score 7.5, EPSS 0.00753
Exploits 0, Affected Software 1
F5 Networks
added 2023/02/21 7:00 p.m., 29 views

K15480: PHP vulnerability CVE-2012-2688

Security Advisory Description: Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." (CVE-2012-2688) Impact: None. F5 products are not...

CVSS 10, AI score 9.3, EPSS 0.10467
Exploits 1
OSV
added 2023/02/18 3:01 p.m., 3 views

OPENSUSE-SU-2023:0048-1 Security update for gssntlmssp

This update for gssntlmssp fixes the following issues: Update to version 1.2.0. Implement gss_set_cred_option. Allow gss_wrap even if NEGOTIATE_SEAL is not negotiated. Move HMAC code to the OpenSSL EVP API. Fix crash bug when acceptor credentials are NULL. Translations update from Fedora Weblate. Fix...

CVSS 8.2, AI score 8, EPSS 0.01942
Exploits 0, References 11