CVE-2023-48221
wire-avs provides Audio, Visual, and Signaling (AVS) functionality for the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has bee...
CVE-2023-48221
CVE-2023-48221 affects wire-avs (AVS component of Wire). A remote format string vulnerability in Wire’s AVS prior to versions 9.2.22 and 9.3.5 could potentially cause a denial of service or, possibly, execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 and 9.3.5 and is already inc...
Security update for yt-dlp (moderate)
openSUSE Security Update: Security update for yt-dlp Announcement ID: openSUSE-SU-2023:0374-1 Rating: moderate References: 1213124 1216467 Cross-References: CVE-2023-35934 CVE-2023-46121 CVSS scores: CVE-2023-35934 NVD : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: openSUSE...
CVE-2023-48078
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter...
Null pointer dereference
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...
CVE-2023-48078
CVE-2023-48078 affects Simple CRUD Functionality v1.0. The vulnerability is an SQL injection in the add.php handler, exploitable via the title parameter, allowing arbitrary SQL execution. The reported CVSSv3.1 score is 9.8 (CRITICAL) with network attack vector, no authentication, and all CIA impa...
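The entry above only names the bug class (SQL injection through an unescaped `title` parameter in an insert handler). The block below is an added example, not code from the Simple CRUD Functionality project or from the CVE record: it rebuilds an add.php-style handler in Python over an in-memory SQLite database, runs a constructed `title` payload through both the string-built form and the parameterised form, and returns the state of the database afterwards. The `posts`/`users` tables, the `is_admin` column and the use of `executescript` (standing in for a driver configuration that accepts stacked statements) are assumptions made for the illustration.

```python
import sqlite3

# Constructed attacker input for the 'title' parameter. It closes the string literal
# and the VALUES list, appends a second statement, and comments out the rest.
PAYLOAD = "x'); UPDATE users SET is_admin = 1 WHERE name = 'alice'; --"


def make_db():
    """Build a small in-memory schema (assumed, not the project's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.execute("INSERT INTO users (name, is_admin) VALUES ('alice', 0)")
    conn.commit()
    return conn


def add_vulnerable(conn, title):
    """The bug class: the request parameter is spliced into the SQL text.

    executescript is used so the stacked statement actually runs, modelling a
    driver/config that accepts multiple statements per call (an assumption)."""
    sql = "INSERT INTO posts (title) VALUES ('%s')" % title
    conn.executescript(sql)


def add_fixed(conn, title):
    """The fix: bind the parameter; the driver never parses it as SQL."""
    conn.execute("INSERT INTO posts (title) VALUES (?)", (title,))
    conn.commit()


def alice_is_admin(conn):
    return conn.execute("SELECT is_admin FROM users WHERE name = 'alice'").fetchone()[0]


def titles(conn):
    return [row[0] for row in conn.execute("SELECT title FROM posts ORDER BY id")]


def demo():
    """Run the same payload through both handlers and report what each database holds."""
    vuln = make_db()
    add_vulnerable(vuln, PAYLOAD)
    fixed = make_db()
    add_fixed(fixed, PAYLOAD)
    return {
        "vuln_admin": alice_is_admin(vuln),      # 1: the injected UPDATE ran
        "vuln_titles": titles(vuln),             # ['x']: only the attacker's prefix stored
        "fixed_admin": alice_is_admin(fixed),    # 0: untouched
        "fixed_titles": titles(fixed),           # [PAYLOAD]: stored literally as data
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The check a practitioner would apply to a handler like add.php is the one `add_fixed` embodies: every value taken from the request reaches the database only as a bound parameter, and no code path builds a statement by concatenation, regardless of what escaping is applied beforehand.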
Intrinsic arbitrage between assets due to price feed deviation threshold
Lines of code Vulnerability details Impact Withdrawals have not yet been implemented but I assume it will be implemented in the usual way such that the fraction of total supply of rsETH a user redeems gives him an equal fraction of total assets held, i.e. received = sharesToRedeem * totalAssets /...
Missing pause checks in LRTOracle
Lines of code Vulnerability details Summary The LRTOracle oracle provides functionality to pause the contract but no restrictions are applied when the contract is in a paused state. Impact Similar to the other contracts in the protocol, the LRTOracle contract offers pausing functionality: 101: //...
Funds cannot be withdrawn from EigenLayer
Lines of code Vulnerability details Impact NodeDelegator contracts handle depositing LSTs into EigenLayer to earn yield. However the contract lacks functions to withdraw those tokens afterwards, meaning they will become trapped in the EigenLayer protocol. This breaks the functionality of the...
Moderate: Red Hat Security Advisory: xorg-x11-server security and bug fix update
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
November 14, 2023—Hotpatch KB5032304 (OS Build 20348.2091)
November 14, 2023—Hotpatch KB5032304 (OS Build 20348.2091). Improvements and fixes: This security update includes quality improvements. When you install this KB, it makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. ...
Hewlett Packard Enterprise OneView Backup Hard-coded Cryptographic Key Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise OneView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Backu...
PT-2023-7365 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 24.0.2 and earlier Adobe After Effects versions 23.6 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could levera...
PT-2023-7287 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 3.01.01 Description: A heap-based buffer overflow vulnerability exists in the HTTP Server functionality. This issue can be triggered by a specially crafted set of network packets, potentially leading to arbitra...
Artist Royalty Split Proposal Functionality Missing
Lines of code Vulnerability details Impact The protocol's documentation specifies that royalty splits can be proposed by the artist and accepted by the admin. However, the MinterContract does not implement the functionality for artists to propose royalty splits. This inconsistency between the...
Royalty Payment Invariant Violation
Lines of code Vulnerability details Impact The vulnerability in the payment mechanism of the smart contract significantly impacts the protocol's functionality. The root cause of the vulnerability is that, despite the README stating an invariant that "Payments can only be made when royalties are...
Johnson Controls FRICK Quantum HD Unity System Controller Security Vulnerability
Johnson Controls FRICK Quantum HD Unity System Controller is an easy-to-use centralized control system from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls FRICK Quantum HD Unity System Controller that originates from allowing an unauthorized attacker to access...
PT-2023-24649 · WordPress · Malinky Ajax Pagination/Infinite Scroll
Name of the Vulnerable Software and Affected Versions: Malinky Ajax Pagination and Infinite Scroll plugin versions = 2.0.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...