
56 matches found

CVE
added 2022/08/01 9:10 p.m., 65 views

CVE-2022-35917

CVE-2022-35917 affects Solana Pay’s transfer validation logic (validateTransfer) used when locating a transaction via a reference key. The edge case could cause the validation to approve multiple transfers instead of a single intended transfer. The issue is mitigated by upgrading to version 0.2.1...

CVSS 5.3, AI score 5.2, EPSS 0.00301
Exploits: 0, References: 4, Affected Software: 1
Malwarebytes
added 2022/04/13 10:54 a.m., 61 views

NGINX zero-day vulnerability: Check if you’re affected

On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 and promised to warn companies affected by it. On April 10, BlueHornet claimed to have breached the China branch of UBS Securities using the NGINX vulnerability. All we learned on Twitter was that a new...

AI score 0.1
Exploits: 0
The Hacker News
added 2022/04/12 9:19 a.m., 50 views

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use...

AI score 0.9
Exploits: 0
OSV
added 2021/10/19 6:15 p.m., 13 views

CVE-2021-41131

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...

CVSS 8.7, AI score 8.6
Exploits: 0, References: 3
Prion
added 2021/10/19 6:15 p.m., 15 views

Path traversal

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...

CVSS 8.8, AI score 8.7, EPSS 0.00644
Exploits: 0, References: 3, Affected Software: 1
Fedora
added 2020/10/10 9:59 p.m., 26 views

[SECURITY] Fedora 32 Update: golang-github-andybalholm-brotli-1.0.1-1.fc32

This package is a brotli compressor and decompressor implemented in Go. It was translated from the reference implementation (https://github.com/google/brotli) with the c2go tool at https://github.com/andybalholm/c2go...

CVSS 6.5, AI score 0.7, EPSS 0.0031
Exploits: 0
OSV
added 2020/07/09 7:15 p.m., 10 views

CVE-2020-15093

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

CVSS 8.6, AI score 9.3
Exploits: 0, References: 4
Prion
added 2020/07/09 7:15 p.m., 12 views

Information disclosure

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

CVSS 5, AI score 9, EPSS 0.00195
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/07/09 12:00 p.m., 19 views

RUSTSEC-2020-0024 Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

CVSS 8.6, AI score 9, EPSS 0.00195
Exploits: 0, References: 3
The Hacker News
added 2019/10/18 6:53 p.m., 95 views

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic...

AI score 0.5
Exploits: 0
Fedora
added 2017/09/14 9:55 p.m., 25 views

[SECURITY] Fedora 26 Update: tomcat-8.0.46-1.fc26

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 4.3, AI score 2.8, EPSS 0.0592
Exploits: 0
Symantec
added 2017/01/12 8:00 a.m., 55 views

SA139 : November 2016 NTP Security Vulnerabilities

SUMMARY: Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the target's system time, prevent the target from synchronizing its time, cause denial of service through...

CVSS 7.1, AI score 1.5, EPSS 0.62378
Exploits: 12, Affected Software: 9
Fedora
added 2016/11/19 9:26 p.m., 52 views

[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 9.1, AI score 2.8, EPSS 0.3676
Exploits: 13
Lenovo
added 2016/07/22 12:00 a.m., 18 views

Overflow in UEFI Variable Reclaim Function - Lenovo Support US

No description provided...

CVSS 6.8, AI score 6.6, EPSS 0.00219
Exploits: 0
ThreatPost
added 2015/08/03 1:51 p.m., 11 views

Thunderstrike 2 Mac OS X Firmware Worm

A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that...

AI score 1
Exploits: 0, References: 4
securityvulns
added 2003/12/17 12:00 a.m., 102 views

J2EE 1.4 reference implementation: database component allows remote code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Illegalaccess.org security advisory i/12-2003 www.illegalaccess.org J2EE 1.4 reference implementation: database component allows remote code execution Brief ===== Product : J2EE reference implementation java.sun.com/j2ee/download.html Component :...

AI score 8.9
Exploits: 0