Rocky Linux 8 : firefox (RLSA-2022:8580)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8580 advisory. - Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence o...
Lack of flexibility in updating cycle length leading to potential contract redeployment.
Lines of code Vulnerability details Impact function cycleOfuint32 timestamp private view returns uint32 cycle unchecked return timestamp / cycleSecs + 1; and function currCycleStart private view returns uint32 timestamp uint32 currTimestamp = currTimestamp; // slither-disable-next-line weak-prng...
Kevin Mitnick Hacked California Law in 1983
Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts in his 2012 book, Ghost in the Wires. The setup is that he just discovered that there's a warrant for his arrest by the California Youth Authority, an...
TimeswapV2LiquidityToken should not use totalSupply()+1 as tokenId
Lines of code Vulnerability details Impact Assuming ERC1155Enumerable is acting normally, there is an Accounting Issue about TimeswapV2LiquidityToken and TimeswapV2Token's tokenId. Different liquidities can have the same tokenId, leading to serious balance manipulation. I'm submitting this issue a...
PT-2023-1816 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to a use-after-free condition when handling USDZ files, potentially allowing an attacker to access sensitive information using a specially crafted USDZ file. This...
KLA20188 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in GuestView can be exploited to cause...
SOCOMEC MODULYS GP (UPDATE A)
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: SOCOMEC Equipment: MODULYS GP Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
SWC-109 Uninitialized Storage Pointer
Lines of code Vulnerability details Impact Uninitialized storage variables can point to unexpected storage locations. Proof of Concept // Exploitable Vulnerability MemoryPointer callData; Tools Used github Recommended Mitigation Steps // Initialize variable "callData" or set the storage attribute...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Medium: vim
Issue Overview: The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free, etc. Since heap errors might include buffer overflows...
CVE-2022-46871
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
CVE-2023-21878
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-21867
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-21863
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-21883
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CVE-2023-21880
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
CVE-2023-21892
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Visual Analyzer. Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...