
33 matches found

OSV
added 2025/02/26 7:1 a.m. · 0 views

UBUNTU-CVE-2022-49693

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf. of_graph_get_remote_node returns remote device node pointer with refcount incremented, we should use of_node_put on it when not need anymore. Add missing of_node_put to avoid refcoun...

5.5 CVSS · 6.2 AI score · 0.00014 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/04/07 12:0 a.m. · 4 views

PT-2024-23549 · Unknown · Ros Melodic Morenia

Name of the Vulnerable Software and Affected Versions: ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized information access to multiple ROS nodes...

7.2 AI score
Exploits 0 · References 4
OSV
added 2023/10/30 3:8 p.m. · 24 views

GHSA-3Q6M-V84F-6P9H quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC transport protocol in Go. By serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node attempted to drop the Handshake packet number space...

7.5 CVSS · 7.3 AI score · 0.0043 EPSS
Exploits 0 · References 5
OSV
added 2023/09/13 4:37 p.m. · 15 views

GO-2023-2024 Out-of-memory vulnerability in github.com/libp2p/go-libp2p

A malicious actor can store an arbitrary amount of data in the memory of a remote node by sending the node a message with a signed peer record. Signed peer records from randomly generated peers can be sent by a malicious actor. This memory does not get garbage collected and so the remote node can...

7.5 CVSS · 7.5 AI score · 0.00395 EPSS
Exploits 0 · References 2
NVD
added 2023/08/25 9:15 p.m. · 11 views

CVE-2023-40583

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

7.5 CVSS · 7.5 AI score · 0.00395 EPSS
Exploits 0 · References 4
Cvelist
added 2023/08/25 8:25 p.m. · 12 views

CVE-2023-40583 libp2p nodes vulnerable to OOM attack

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

7.5 CVSS · 7.7 AI score · 0.00395 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/05/14 3:1 a.m. · 31 views

Go Ethereum LES protocol implementation vulnerable to Denial of Service

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum aka geth before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip...

7.5 CVSS · 7.2 AI score · 0.1217 EPSS
Exploits 2 · References 8 · Affected Software 1
Hacker One
added 2019/03/08 3:1 a.m. · 50 views

Monero: CryptoNote: remote node DoS

Summary: Remote node DoS. See patch below. Releases Affected: All Monero versions, including the recent v0.14.0.2. Possibly all CryptoNote implementations that aren't Zano. Steps To Reproduce: Since this is currently a theoretical attack, non-code PoC detailed in the patch below. Supporting...

1 AI score
Exploits 0
Hacker One
added 2018/01/14 9:22 p.m. · 24 views

Monero: Corrupt RPC responses from remote daemon nodes can lead to transaction tracing

Dear Monero security team, We’re writing to disclose a privacy vulnerability when using monero-cli or monero-gui with an untrusted remote node. When using a remote node, the Monero client relies on the node to provide information from the blockchain, in particular the public keys and transaction...

6.6 AI score
Exploits 0
ThreatPost
added 2017/08/29 2:54 p.m. · 14 views

Revamped Nukebot Malware Changes Targets, Adds Functions

A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...

7.3 AI score
Exploits 0 · References 5
Tenable Nessus
added 2016/12/15 12:0 a.m. · 31 views

Scientific Linux Security Update : pacemaker on SL7.x x86_64 (20161103)

Security Fixes : - An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gai...

8.8 CVSS · 7.6 AI score · 0.00103 EPSS
Exploits 0 · References 2
RedHat Linux
added 2016/11/03 8:7 a.m. · 2 views

pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack

It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service...

7.5 CVSS · 5.8 AI score · 0.02415 EPSS
Exploits 0 · References 4
Exploit DB
added 2016/06/10 12:0 a.m. · 36 views

Dell OpenManage Server Administrator 8.3 - XML External Entity

!/usr/bin/ruby Exploit Title: Dell OpenManage Server Administrator 8.3 XXE Date: June 9, 2016 Exploit Author: hantwister Vendor Homepage: http://en.community.dell.com/techcenter/systems-management/w/wiki/1760.openmanage-server-administrator-omsa Software Link:...

7.4 AI score
Exploits 0