7765 matches found
CVE-2022-23233
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which, when successfully exploited, could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service...
Code injection
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which, when successfully exploited, could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service...
Hazelcast code issue vulnerability
Hazelcast IMDG is a scalable open-source data distribution platform from Hazelcast, Inc. The platform supports a variety of distributed data structures, distributed caching and other features. Hazelcast versions prior to 5.1 have an XML-related code problem vulnerability, which stems from not...
NetApp StorageGRID security vulnerability
NetApp StorageGRID is a suite of object storage solutions from U.S.-based NetApp. A security vulnerability exists in StorageGRID (formerly known as StorageGRID Webscale) versions prior to 11.6.0 that could lead to a denial of service (DoS) of the Local Distribution Router (LDR) service...
GHSA-53M6-44RC-H2Q5 Missing server signature validation in OctoberCMS
Impact: This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server. It has been disclosed that a project fork of October CM...
EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2022-1172)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c...
[SECURITY] Fedora 35 Update: snapd-2.54.3-1.fc35
Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages...
Fedora: Security Advisory for snapd (FEDORA-2022-82bea71e5a)
The remote host is missing an update for the...
europrod-distribution.com Cross Site Scripting vulnerability OBB-2378149
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
What's New in InsightVM and Nexpose: Q4 2021 in Review
Greetings, fellow security professionals. As we enter into the new year, we wanted to provide a recap of product releases and features on the vulnerability management VM front for Q4 2021. Let's start by talking about the elephant in the room. The end of last year was dominated by Log4Shell, the...
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident – one of a series of politically motivated attacks in Iran...
[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput
Lines of code. Vulnerability details: In the current design/implementation, the admin of BribeVault is a super privileged role of the system. However, the inputs of the admin to some of the most critical methods are not being validated properly. This can lead to loss of funds to users caused by the...
[SECURITY] [DSA 5072-1] debian-edu-config security update
Debian Security Advisory DSA-5072-1, https://www.debian.org/security/, Moritz Muehlenhoff, February 11, 2022, https://www.debian.org/security/faq ...
[SECURITY] [DSA 5071-1] samba security update
Debian Security Advisory DSA-5071-1, https://www.debian.org/security/, Salvatore Bonaccorso, February 11, 2022, https://www.debian.org/security/faq ...
Same reward token in pools can break accounting
Lines of code. Vulnerability details: The ConvexStakingWrapper contract uses several reward pool tokens (rewards[pid][index].token) and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...
ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining
Lines of code. Vulnerability details. Impact: The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...
Zenly: Subdomain Takeover of brand.zen.ly
Hello Gents, Background: Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. GitHub Pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to...
GHSA-QQ97-VM5H-RRHG OCI Manifest Type Confusion Issue
Impact: Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. Patches: Upgrade to at least v2.8.0-beta.1 if you are running v2.x release. If you use the code from the main branch, update at least to the commit after...