7765 matches found
[SECURITY] Fedora 35 Update: xe-guest-utilities-latest-7.30.0-4.fc35
Scripts for monitoring XAPI project virtual machine. Writes distribution version information and IP address to XenStore. This package follows the latest version of xe-guest-utilities upstream...
Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware — The Hacker News
Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps,...
[SECURITY] Fedora 35 Update: golang-github-containerd-stargz-snapshotter-0.10.1-3.fc35
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 35 Update: glide-0.13.2-10.fc35
Glide is a tool for managing the vendor directory within a Go package. This feature, first introduced in Go 1.5, allows each package to have a vendor directory containing dependent packages for the project. These vendor packages can be installed by a tool e.g. glide, similar to go get or they can...
com.breuninger.boot:spring-boot-starter-breuninger-togglz (>=2.0.0 <=2.0.5.RELEASE), com.oneops:secrets-proxy (>=1.2.0 <=1.5.0) +13 more potentially affected by CVE-2020-28191 via org.togglz:togglz-console (>=0.0.1 <=2.8.0)
org.togglz:togglz-console MAVEN version =0.0.1, =2.0.0, =1.2.0, =1.1, =1.0, =0.29.0, =2.1.0, =0.45.0, =0.45.0, =0.45.0, =0.8.0, =0.19.0, =0.8.0, =1.9.0, =2.2.0.Final, =2.8.0 Source cves: CVE-2020-28191 Source advisory: OSV:GHSA-697V-PXG3-J262...
Fee-on-transfer tokens not supported
Lines of code Vulnerability details Impact Incorrect accounting will lead to wrong assets distribution and some users gaining more and some users getting fewer tokens than they should. Proof of Concept Functions rely on user input to calculate distribution of tokens instead of relying on the...
Fedora: Security Advisory for docker-distribution (FEDORA-2022-ba365d3703)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microsoft recognized as a Leader in UEM Software 2022 IDC MarketScape reports
Competition for talent has increased pressure to lead in the digital space, and business decisions now weigh user experience for employees heavily among costs and benefits. Workers insist on experiences that mirror their personal experiences, often on their own devices. As enterprise computing ha...
[SECURITY] Fedora 36 Update: docker-distribution-2.6.2-17.git48294d9.fc36
Docker toolset to pack, ship, store, and deliver content...
Data Distribution Service: Mitigating Risks Part 3
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors...
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortine...
The reserves accounting breaks when total balances surpass type(int256).max
Lines of code Vulnerability details Reserved tokens do not get minted automatically when a new payment is received. Instead, they must be explicitly distributed during the funding cycle which contains the reserved rate and splits that should be applied. If a funding cycle's reserved rate or split...
Migration to a new terminal allows project to use funding again in same funding cycle
Lines of code Vulnerability details Impact Distribution and overflow allowance can be reused after migration Proof of Concept When migrating to a new terminal only balances are transferred but not usedDistributionLimitOf or usedOverflowAllowanceOf. This means that both of these values will be 0,...
Distribution of reserved tokens may run out of gas
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the function that distributes the reserved tokens will run out of gas, and the reserved tokens will be un-distributable until the current cycle is over, and the splits are changed. If cycles are long, the...
Fedora: Security Advisory for golang-github-containerd-stargz-snapshotter (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations...
Data Distribution Service: An Overview Part 1
In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate risks associated with it...
[SECURITY] [DSA 5174-1] gnupg2 security update
Debian Security Advisory DSA-5174-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 03, 2022 https://www.debian.org/security/faq ...
python security update
2.7.5-92.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-92 - Security fix for CVE-2021-3177 Resolves: rhbz1918168 2.7.5-91 - Security fixes for CVE-2020-26116, CVE-2020-26137 and CVE-2022-0391 - Test fixes for the latest expat security release - Update the certificates...
[SECURITY] Fedora 36 Update: snapd-2.56.2-1.fc36
Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages...