Input validation

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...

[SECURITY] Fedora 35 Update: varnish-modules-0.18.0-5.fc35

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

Collect modules can fail on zero amount transfers if treasury fee is set to zero

Lines of code Vulnerability details Impact Treasury fee can be zero, while collect modules do attempt to send it in such a case anyway as there is no check in place. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. This way, a combination of zero treasury fee and such...

Fedora: Security Advisory for varnish-modules (FEDORA-2022-2f14ec7663)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Arbitrary File Override in Docker Engine

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

GHSA-V4H8-794J-G8MM Arbitrary File Override in Docker Engine

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

Basis points constant BPS_MAX is used as minimal fee amount requirement

Lines of code Vulnerability details Impact Base fee modules require minimum fixed fee amount to be at least BPSMAX, which is hard coded to be 10000. This turns out to be a functionality restricting requirement for some currencies. For example, WBTC , 10 in ERC20 token rankings, has decimals of 8...

Reentrancy allows commenter to overwrite own comments

Lines of code Vulnerability details Since the Lens platform is a blockchain-based social media platform, it's important that information relevant to users be emitted so that light clients need not continually refer to the blockchain, which can be expensive. From the docs: Events are emitted at...

GHSA-V8WR-R69P-MMWX Unrestricted Upload of File with Dangerous Type in Drupal core

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

Information disclosure

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

com.soterianetworks:spase-cipped (>=0.9.17 <=0.9.46), com.soterianetworks:spase-cipped-starter (>=0.9.17 <=0.9.46) +47 more potentially affected by CVE-2019-11343 via org.torpedoquery:org.torpedoquery (>=1.7.0 <=2.5.1)

org.torpedoquery:org.torpedoquery MAVEN version =1.7.0, =0.9.17, =0.9.17, =0.9.0, =0.9.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.12.2 - de.alpharogroup:dating-system-business =3.11.0 - de.alpharogroup:dating-system-domain =3.11.0 - de.alpharogroup:dating-system-init =3.11.0 -...

org.eclipse.hono:client-device-connection-infinispan (>=1.2.0 <=1.12.3), org.eclipse.hono:hono-adapter-amqp-vertx (>=0.7 <=1.12.3) +67 more potentially affected by CVE-2020-27217 via org.eclipse.hono:hono-core (>=0.5 <=1.4.0)

org.eclipse.hono:hono-core MAVEN version =0.5, =1.2.0, =0.7, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.4.0, =0.8-M11, =0.8-M11, =1.10.0, =0.5, =0.5, =1.10.0, =0.5, =1.0-M5, =1.12.3 and more Source cves: CVE-2020-27217 Source advisory: OSV:GHSA-9F52-HPVW-V96W...

LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database

It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23575 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23575 Source advisory: OSV:GHSA-C94W-C95P-PHF8...