ATEN International PE8108 安全漏洞

The ATEN International PE8108 is an intelligent PDU from China-based ATEN International. A security vulnerability exists in ATEN International PE8108 version 2.4.232, which stems from incorrect access control...

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service DoS attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-sourc...

RLSA-2023:0952 Moderate: python-setuptools security update

The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 For more details abo...

[SECURITY] [DSA 5382-1] cairosvg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5382-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 05, 2023 https://www.debian.org/security/faq -...

Malicious Package

Overview xdefi-distribution is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

Malicious Package

Overview xdefi-distribution-rewards is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using specially created SpEL expressions...

Award is still distributed when there aren't any stakers, allowing users to get reward without staking

Lines of code Vulnerability details Proof of Concept Consider the update modifier for the amplifier. modifier update if mostRecentValueCalcTime == 0 mostRecentValueCalcTime = firstStakeTime; uint256 totalCurrentStake = totalStake; if totalCurrentStake 0 && mostRecentValueCalcTime endTime uint256...

Input validation

Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to...

User without download rights can download older version of that file

None...

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...

sfrxETH.ethPerDerivative is incorrect, leading to incorrect minting amount of safETH

Lines of code Vulnerability details SafeETH.stake allows users to stake ETH and be minted an amount of safETH that corresponds to the ETH value of the derivatives that resulted from their deposit. The minting amount is based on: preDepositPrice, which is a function of the total safETH minted and...

In stake() function shares increase exponentially for the same amount of deposit as the totalSupply() increases, causing the loss for the initial stakers relative to later ones.

Lines of code Vulnerability details Impact Stake function don not allocate the safEth according to the totalShares, instead as more user deposit, later depositers get higher share of the value as compared to ealy depositers. Proof of Concept Consider Alice, Bob and Jenny want to stake their eth...

openSUSE 15 Security Update : squirrel (openSUSE-SU-2023:0080-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0080-1 advisory. - sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a...

RHEL 8 : openssl (RHSA-2023:1441)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1441 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Malware creator who compromised 10,000 computers arrested

The creator of a Remote Access Trojan RAT, responsible for compromising more than 10,000 computers, has been arrested by law enforcement in Ukraine. At the time of the arrest, the developer still had real-time access to 600 PCs. According to the announcement, the RAT could tell infected devices t...

How to specify command line parameters when distributing a WEM application

To deploy applications via Workspace Environment management with additional command line parameters...

[SECURITY] Fedora 37 Update: stargz-snapshotter-0.14.2-1.fc37

Fast container image distribution plugin with lazy pulling...

Emotet adopts Microsoft OneNote attachments

Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack...

USN-5959-1 krb5 vulnerabilities

It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. CVE-2021-36222, CVE-2021-37750...