7764 matches found
ai.grakn:grakn-dist (=0.17.0), ai.grakn:janus-factory (>=0.17.0 <=1.1.0) +10222 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-java (>=3.0.0 <=3.16.1)
com.google.protobuf:protobuf-java MAVEN version =3.0.0, =0.17.0, =1.1.0 - ai.konduit.serving:konduit-serving-api =0.3.0 - ai.konduit.serving:konduit-serving-build =0.3.0 - ai.konduit.serving:konduit-serving-cli =0.3.0 - ai.konduit.serving:konduit-serving-config-creator =0.3.0 -...
position's wrong profit and loss or incorrect distribution of funds in contract PrePoMarket because it doesn't consider expiryTime for setting the value of finalLongPayout and calculating redeem amounts based on positions and Markets never expire
Lines of code Vulnerability details Impact according to the docs: "The expiry date of the market. If a market has not settled by its expiry date, it will automatically settle at the lower bound of its Valuation Range." but Contract PrePOMarket doesn't consider expiryTime in its logic and...
OESA-2022-2121 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service...
DRUPAL-CONTRIB-2022-060
The Social Base theme is designed as a base theme for Open Social. This base theme holds a lot of sensible defaults. It doesn't, however, contain much styling. We expect developers to want to change this for their own project. When content within the Open Social distribution is placed within a...
[SECURITY] Fedora 37 Update: heimdal-7.7.1-3.fc37
Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec rfc1510 and successors including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center...
CVE-2022-46156
CVE-2022-46156 : Grafana’s Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access does not guarantee checks due to API denying connections from already-connected agents, but token exposure sti...
Fedora: Security Advisory for heimdal (FEDORA-2022-cbbd105d08)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DSA 5290-1] commons-configuration2 security update
Debian Security Advisory DSA-5290-1 [email protected] https://www.debian.org/security/ Markus Koschany November 28, 2022 https://www.debian.org/security/faq ...
krb5: integer overflow vulnerabilities in PAC parsing
A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service t...
The existence of the tokenID is not validated in distributeFees()
Lines of code Vulnerability details Impact Turnstile contract has distributeFees function which the Canto team/smart contract utilizes to distribute the fees to the tokenID's for the smart contract that is registered through register function. The existence of the tokenID's are checked both in...
Rewards calculation does not consider GMX reward rate fluctuation
Lines of code Vulnerability details Impact The current time based px rewards calculation system is not accurate, and not fair for users. Due to GMX protocol reward rate fluctuation, px users stake and claim at different time could get less or more rewards they deserve. Some users could abuse the...
All You Need to Know About Emotet in 2022
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans...
Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps...
This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access websi...
[SECURITY] [DSA 5286-1] krb5 security update
Debian Security Advisory DSA-5286-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2022 https://www.debian.org/security/faq ...
November 17, 2022—KB5021656 (OS Build 20348.1251) Out-of-band
November 17, 2022—KB5021656 OS Build 20348.1251 Out-of-band 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B”...
Rocky Linux 8 : flatpak-builder (RLSA-2022:7458)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7458 advisory. - Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6...
Heimdal Security Vulnerability
Heimdal is an open-source Kerberos implementation and security program. The Heimdal KDC has a security vulnerability that stems from an invalid free in the ASN.1 codec; an attacker can use the vulnerability, can use Kerberos authentication, can simulate a client or service to...
DEBIAN-CVE-2022-41916
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC via PKINIT and kinit via PKINIT, as well as any third-party applications using Heimdal's...
[SECURITY] [DSA 5278-1] xorg-server security update
Debian Security Advisory DSA-5278-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2022 https://www.debian.org/security/faq ...