7762 matches found
Debian DSA-5562-1 : tor - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5562 advisory. It was discovered that Tor was susceptible to a crash during handshake with a remote relay, resulting in denial of service. For the oldstable distribution bullseye, suppor...
Schneider Electric EcoStruxure Power Monitoring Expert Open Redirection Vulnerability
Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric, France, for power distribution monitoring in IoT environments. The Schneider Electric EcoStruxure Power Monitoring Expert suffers from an open redirection vulnerability, which stems from the system not...
The vulnerability of the /v2/_catalog component of the Red Hat OpenShift Container Platform allows an attacker to trigger a service failure.
The vulnerability of the /v2/catalog component of the Red Hat OpenShift Container Platform relates to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEOLURKER. "The malicious...
wrong implementation cause unfair distribution
Lines of code Vulnerability details Impact wrong implementation cause unfair fee distribution among sharesHolder Proof of Concept In sell and mintNFt, tokensInCirculation and tokens owned by address is deducted only after split fee is happened. To be fair, user should not get fee from tokens tha...
Lost fees
Lines of code Vulnerability details Impact Buyers do not get any split of the fees. It is instead to be distributed to holders. But holder splits on successive buys are partially lost to the contract and cannot be recovered. Proof of concept The buyer's rewardsLastClaimedValueidmsg.sender is...
Amazon Linux 2 : containerd (ALASECS-2023-026)
The version of containerd installed on the remote host is prior to 1.4.6-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-026 advisory. The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OC...
Medium: containerd
Issue Overview: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manife...
The vulnerability lies in the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib. This vulnerability is related to the unlimited distribution of resources, allowing attackers to cause service failures.
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the unlimited distribution of resources. Exploiting this vulnerability allows a remote attacker to cause service failures...
Mint amount calculation in deposit is incorrect
Lines of code Vulnerability details Summary The calculation in the deposit function of the DepositPool contract is flawed as it factors the deposited amount into the RSETH price to calculate the amount to mint. Impact When a user deposits in the DepositPool contract, the amount of RSETH to mint i...
Input validation
Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access...
CVE-2023-25080
Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access...
Malicious CPU-Z App Distributed Through Ads on Fake Windows News Site
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A threat actor has been using Google Ads as a platform to distribute a tampered version of the CPU-Z tool. CPU-Z is a widely-used utility that provides information about various hardware components in a...
Attacker can take over and hijack any and every asset of a party initialized with the governance value distributionsRequireVote set to false, through the utilization of a flash loan.
Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The distributionsRequireVote flag: The distributionsRequireVote flag is a governance value flag set to false by default in the governance values. It determines whether or not a party member ca...
DoS in Providing Voting power after contribution due to minting based on totalVotingPower in PartyGovernanceNFT.increaseVotingPower
Lines of code Vulnerability details Impact The PartyGovernanceNFT contract was designed in such a way that it won't mint, increaseVotingPower if totalMint mintedVotingPower won't cross the totalVotingPower, if crossing only the difference between them totalVotingPower - mintedVotingPower will be...
Vulnerability in Token Withdrawal Function
Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...
US Man Sentenced to Over 21 Years for Dark Web Distribution of CSAM
By Waqas You reap what you sow! This is a post from HackRead.com Read the original post: US Man Sentenced to Over 21 Years for Dark Web Distribution of CSAM...
krb5: double-free in KDC TGS processing
A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling...
[SECURITY] [DSA 5547-1] pmix security update
Debian Security Advisory DSA-5547-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 04, 2023 https://www.debian.org/security/faq -...
[SECURITY] Fedora 39 Update: fbthrift-2023.10.16.00-1.fc39
Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thrift for RPC, and some storage systems use Thrift for serializin...