2548 matches found

Code423n4
added 2021/07/12 12:0 a.m., 17 views

Gas griefing attack on the removeUserActiveBlocks function

Handle shw Vulnerability details Impact The consumed gas to remove a user's active block is proportional to the total number of array elements i.e., block numbers. However, the array size can be arbitrarily increased by an attacker with only paying gas fees, causing a gas griefing attack when the...

AI score: 6.8
Exploits: 0

Code423n4
added 2021/07/11 12:0 a.m., 5 views

activeTransactionBlocks are vulnerable to DDoS attacks

Handle pauliax Vulnerability details Impact There is a potential issue in function removeUserActiveBlocks and the for loop inside it. I assume you are aware of block gas limits (they may be less relevant on other chains but still need to be accounted for), so as there is no limit for...

AI score: 6.7
Exploits: 0

CNVD
added 2021/07/08 12:0 a.m., 12 views

Advanced SystemCare Ultimate Elevation of Privilege Vulnerability (CNVD-2021-57453)

Advanced SystemCare Ultimate, a Windows optimization suite from Iobit that analyzes system performance bottlenecks, is vulnerable to an elevation of privilege vulnerability in Advanced SystemCare Ultimate version 14.2.0.220. A local attacker can exploit this vulnerability by sending a malicious I...

CVSS: 8.8, AI score: 3.6, EPSS: 0.00321
Exploits: 2, References: 1

CNVD
added 2021/07/08 12:0 a.m., 21 views

Advanced SystemCare Ultimate Elevation of Privilege Vulnerability (CNVD-2021-57452)

Advanced SystemCare Ultimate, a Windows optimization suite from Iobit that analyzes system performance bottlenecks, is vulnerable to an elevation of privilege vulnerability in Advanced SystemCare Ultimate version 14.2.0.220. A local attacker can exploit this vulnerability by sending a malicious I...

CVSS: 8.8, AI score: 3.6, EPSS: 0.00338
Exploits: 2, References: 1

CNVD
added 2021/07/08 12:0 a.m., 13 views

Advanced SystemCare Ultimate Elevation of Privilege Vulnerability

Advanced SystemCare Ultimate, a Windows optimization suite from Iobit that analyzes system performance bottlenecks, is vulnerable to an elevation of privilege vulnerability in Advanced SystemCare Ultimate version 14.2.0.220. A local attacker can exploit this vulnerability by sending a malicious I...

CVSS: 8.8, AI score: 3.6, EPSS: 0.00321
Exploits: 1, References: 1

CNVD
added 2021/07/08 12:0 a.m., 17 views

Advanced SystemCare Ultimate Elevation of Privilege Vulnerability (CNVD-2021-57451)

Advanced SystemCare Ultimate is a Windows optimization suite from Iobit that analyzes system performance bottlenecks. Advanced SystemCare Ultimate version 14.2.0.220 contains an elevation of privilege vulnerability. An attacker can exploit the vulnerability by sending a malicious I/O request pack...

CVSS: 8.8, AI score: 4.1, EPSS: 0.00295
Exploits: 1, References: 1

Akamai Blog
added 2021/06/20 4:0 a.m., 18 views

Better Real User Monitoring with BoomerangJS and Akamai mPulse

In this blog, we'll walk through a few different snippet insertion methods and available optimizations...

AI score: 1.9
Exploits: 0

OPENSUSE Linux
added 2021/06/18 12:0 a.m., 28 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

CVSS: 3.3, AI score: 7.5, EPSS: 0.02477
Exploits: 1, References: 1

Code423n4
added 2021/06/17 12:0 a.m., 56 views

usage of safeApprove

Handle pauliax Vulnerability details Impact depositInVault in contract YearnV2YieldSource calls safeApprove when the allowance is less than the token balance: if (token.allowance(address(this), address(v)) < token.balanceOf(address(this))) token.safeApprove(address(v), type(uint256).max); This does not mean that the...

AI score: 6.9
Exploits: 0

ThreatPost
added 2021/06/15 5:5 p.m., 42 views

Malicious PDFs Flood the Web, Lead to Password-Snarfing

The pushers behind the SolarMarker backdoor malware are flooding the web with PDFs stuffed with keywords and links that redirect to the password-stealing, credential-snarfing malware. Microsoft Security Intelligence said in a Tweet on Friday that the SolarMarker (also known as Jupyter) makers are...

AI score: 7.3
Exploits: 0, References: 10

CVE
added 2021/06/11 3:49 p.m., 46 views

CVE-2021-22913

Nextcloud Deck prior to 1.2.7 and 1.4.1 is affected by an information disclosure vulnerability where searches for sharees are sent to the lookup server by default instead of the local Nextcloud server, unless a global search is explicitly chosen. The underlying issue is that the search requests a...

CVSS: 6.5, AI score: 6.1, EPSS: 0.01368
Exploits: 0, References: 2, Affected Software: 1

Jake Archibald's Blog
added 2021/06/11 1:0 a.m., 180 views

Halve the size of images by optimising for high density displays

A long time ago we had monitors of varying resolutions, but once we started to go beyond 1024x768, screens started to get bigger as resolution got bigger. Then full-colour web-capable mobile phones arrived, but the story was the same. They had small screens, but also small resolutions. Then in 20...

AI score: 6.7
Exploits: 0

CNVD
added 2021/06/10 12:0 a.m., 13 views

SQL Injection Vulnerability in Website Construction System of Guangzhou Daxun Yunshang Network Technology Co.

Guangzhou Daxun Yunshang Network Technology Co., Ltd. is a company mainly engaged in enterprises and institutions of Internet application services, website construction, mobile station, micro letter platform depth development, SEO website optimization and promotion of business. Guangzhou Daxun...

AI score: 7.4
Exploits: 0

Oracle linux
added 2021/06/04 12:0 a.m., 251 views

glibc security update

2.28-151.0.1.el84 - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag ...

CVSS: 9.8, AI score: 0.4, EPSS: 0.04731
Exploits: 2

CNVD
added 2021/06/03 12:0 a.m., 4 views

IBM Engineering Lifecycle Optimization - Engineering Insights Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization - Engineering Insights is a collaborative Web-based application that unlocks engineering data from a variety of lifecycle management applications to give you the information you need to make the best engineering decisions. A cross-site scripting vulnerabilit...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 1

CNVD
added 2021/06/03 12:0 a.m., 3 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 1

CNVD
added 2021/06/03 12:0 a.m., 6 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2021-40858)

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00495
Exploits: 0, References: 1

CVE
added 2021/06/02 8:40 p.m., 63 views

CVE-2020-4977

Summary: CVE-2020-4977 is a stored cross-site scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing. The issue affects the Web UI where arbitrary JavaScript could be embedded, potentially leading to credentials disclosure within a trusted session. The problem is associat...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00495
Exploits: 0, References: 2, Affected Software: 9

Cvelist
added 2021/06/02 8:40 p.m., 21 views

CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00495
Exploits: 0, References: 2

IBM Security Bulletins
added 2021/06/01 2:27 p.m., 26 views

Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.

Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization - Engineeri...

CVSS: 9, AI score: 1.1, EPSS: 0.08665
Exploits: 1, Affected Software: 5