47 matches found
A hacker can front-run the owner of a PrivatePool to drain the pool
Lines of code Vulnerability details Impact A hacker can sandwich calls to setVirtualReserves or setMerkleRoot in a private pool and make an instant profit at the expense of the owner. For example, the hacker sees that there is a setVirtualReserves transaction in the mempool that will make the NF...
The new Spring Boot version validation and upgrade support in Spring Tools
New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...
Security update for SUSE Manager Client Tools (moderate)
openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...
Prototype Pollution
Overview mathjs before version 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. Recommendation Upgrade to version 7.5.1 or later References - CVE - GitHub Advisory...
GHSA-X2FC-MXCX-W4MF Prototype Pollution in mathjs
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
Prototype Pollution in mathjs
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743 Prototype Pollution
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743
The vulnerability described in CVE-2020-7743 affects the mathjs package prior to version 7.5.1, enabling Prototype Pollution via the deepExtend function during configuration updates. This is a general software vulnerability in mathjs, with no explicit exploit details provided in the connected doc...
Prototype Pollution
Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
Attacks Aimed at Disrupting the Trickbot Botnet
Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying...
Cisco IOS XE Software Information Disclosure Vulnerability (cisco-sa-20190327-info)
According to its self-reported version, Cisco IOS XE Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS XE that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper...
Cisco IOS Software Information Disclosure Vulnerability (cisco-sa-20190327-info)
According to its self-reported version, Cisco IOS Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory...
CVE-2019-1762
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...
Design/Logic Flaw
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...
CVE-2019-1762
Cisco IOS and IOS XE Information Disclosure vulnerability (CVE-2019-1762) arises from improper memory operations in the Secure Storage feature during encryption of configuration updates. An authenticated, local attacker could retrieve contents of memory locations and disclose keying materials emb...
Cisco IOS and IOS XE Software Information Disclosure Vulnerability
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...
CVE-2018-8855
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...