PT-2023-13811 · Modem · Modem
Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: The issue is related to memory corruption due to a buffer over-read in the Modem while processing the SetNativeHandle RTP service. This can potentially lead to security risks. The estimated...
Remote Command Execution Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a large-scale enterprise digital platform that deeply applies new-generation digital intelligence technology and is completely based on cloud-native architecture to create an open, interconnected, converged and intelligent integrated cloud platform. A remote command execution...
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...
A Bootiful Podcast: cloud native Chris Richardson
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to original cloud native Chris Richardson on microservices, architecture, and more...
Update now! WinRAR files can be abused to run malware
A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. All the victim has to do is to open a specially crafted archive. After receiving a report about the vulnerability in June, a new version of the software w...
Malicious code in stripe-identity-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
MAL-2023-1535 Malicious code in stripe-identity-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
CVE-2023-4265
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359...
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality ...
Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1441 Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LendingLedger Lack of method to rescue accidentally sent Canto
Lines of code Vulnerability details Impact There is no function to rescue Canto accidentally sent to LendingLedger so if governance fat-finger those Canto could be lost forever. Proof of Concept There is no function to transfer native token out of LendingLedger Tools Used Manual inspection...
check for the reentrancy attack is missed in the claim function
Lines of code Vulnerability details Impact the function claim in the LendingLedger.sol will send native token $CANTO to the msg.sender by .call which it can be EOA or Contracts, because there is no any RA checks the caller can make double call in the same time to get himself more tokens reward th...
_sendToken in tapiocaz::Balancer::rebalance() not sending native fee will lead to revert
Lines of code Vulnerability details Impact function sendToken address payable oft, uint256 amount, uint16 dstChainId, uint256 slippage, bytes memory data private IERC20Metadata erc20 = IERC20MetadataITapiocaOFToft.erc20; if erc20.balanceOfaddressthis amount revert ExceedsBalance; uint256 srcPoolI...
Calc token amount can be manipulated
Lines of code Vulnerability details Impact function calcDepositInOneCoin uint2563 memory arr private view returns uint256 return liquidityPool.calctokenamountarr, true; This function is being used to calculate slippage, return value calctokenamount can be manipulated as described in POC section,...
Beating the Challenge of Cloud Detection and Response with Qualys TotalCloud Deep Learning AI
Let's go beyond the limitations of configuration management-only, non-cloud-native EDR tools for threat detection & response using deep learning AI. The global adoption of cloud technology has supercharged agile innovation in virtually every business sector. As a result, organizations are now...
Wiz's agentless approach to cloud-native vulnerability management
Prioritize critical vulnerabilities based on business impact with Wiz’s agentless Vulnerability Management solution...
CVE-2022-43831
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941...
Code injection
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941...
CVE-2022-43831 IBM Spectrum Scale privilege escalation
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941...