7764 matches found
CVE-2023-23932
OpenDDS (C++ implementation of OMG DDS) is affected by CVE-2023-23932. The vulnerability involves processing of RTPS network input: untrusted, badly-formed input may cause OpenDDS applications to crash. Root cause details indicate the issue affected OpenDDS prior to version 3.23.1. Public referen...
CLSA-2023-1675372649 Fix CVE(s): CVE-2018-20217
SECURITY UPDATE: Possible KDC crash processing malformed S4U2Self request - debian/patches/CVE-2018-20217.patch: ignore password attributes for S4U2Self requests - CVE-2018-20217...
Multiple combinations of token0/token1 for a given liquidity exist to satisfy the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 than necessary when minting & burning respectively
Lines of code Vulnerability details Impact LPs need to provide a combination of token0/token1 for a given liquidity that satisfies a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/token1, liquidity and upper bound The relationship betwe...
CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...
The vulnerability of the Packet Forwarding Engine (PFE) implementation in Juniper Networks’ Junos OS allows a hacker to induce a service failure.
The vulnerability of the Packet Forwarding Engine (PFE) implementation in Juniper Networks’ Junos OS is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1263)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : krb5 (EulerOS-SA-2023-1263)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in...
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remot...
[SECURITY] [DSA 5329-1] bind9 security update
Debian Security Advisory DSA-5329-1 https://www.debian.org/security/ Moritz Muehlenhoff January 26, 2023 https://www.debian.org/security/faq ...
November 8, 2022—KB5019970 (OS Build 10240.19567) - EXPIRED
November 8, 2022—KB5019970 (OS Build 10240.19567) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...
The vulnerability of the file copying utility cp in the GNU Core Utilities system of the EMIAS OS operating system allows a perpetrator to cause a service failure or exert other adverse effects.
The vulnerability of the file copying utility cp in the GNU Core Utilities system for the EMIAS OS operating system is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow an attacker to cause service failures or have other...
Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
Vulnerability analysis results in Orange Cyberdefense's Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings: Our Vulnerability Scans are performed on a recurring basis, which provides us the opportuni...
firefox security update
102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.7.0-1 - Update to 102.7.0 build1 102.6.0-2 - Add firefox-x11 subpackage to allow explicit run of...
Upgraded Q -> M from #113 [1674422768939]
Judge has assessed an item in Issue 113 as M risk. The relevant finding follows: During handling the open fees, the tigAsset is distributed to gov. But, it is not approved before to be consumed by gov. So, the first user's transaction to initiate a market order, will fail. During handling the clo...
function withdraw() in StRSR won't update contract state (totalDrafts) in all cases, which can cause wrong fund distribution and funds getting stuck in the contract
Lines of code Vulnerability details Impact Function withdraw completes an account's unstaking. It transfers user draft withdrawals and updates totalDrafts, but when the calculated rsrAmount is 0 the code returns and won't update totalDrafts, which can cause wrong calculations as those draft items removed...
Stealing money from protocol
Lines of code Vulnerability details Impact Parameters address from, uint256 amount passed in the function call distribute are not checked; an attacker can specify any address approved to distributor and any amount to steal assets Proof of Concept function distribute(IERC20 erc20, address from, uint256 amou...
Redeemers will receive less collateral than expected if function completeRedemptions() is called with empty refundees list
Lines of code Vulnerability details Impact Function completeRedemptions is used by admin account to distribute collateral to users and also to refund redemption requests if the redemption cannot be serviced. function completeRedemptions address calldata redeemers, address calldata refundees,...
Wrong logic totalBurned is not updated after _processRefund() results in loss of funds for redeemers
Lines of code Vulnerability details Impact Function completeRedemptions is used by admin account to distribute collateral to users and also to refund redemption requests if the redemption cannot be serviced. function completeRedemptions address calldata redeemers, address calldata refundees,...
Values in redemptions do not match, and fees are being overcharged
Lines of code Vulnerability details Impact The amount of collateral to distribute collateralAmountToDist does not need to match the sum of fees actually distributed the sum of collateralAmountDue in the events of processRedemption. The real distributed amount can be smaller. However, the fees are...
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...