[SECURITY] Fedora 36 Update: golang-github-a8m-tree-0-0.16.20210725gitce3525c.fc36
An implementation of the Unix tree command written in Go, that can be used programmatically...
Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The...
The vulnerability of the btrfs_alloc_tree_b function (fs/btrfs/extent-tree.c) in the file system of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the btrfs_alloc_tree_b function (fs/btrfs/extent-tree.c) in the file system of the Linux operating system is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
GSD-2022-1003953 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...
GSD-2022-1003845 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1003698 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1003497 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...
GSD-2022-1003237 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...
GSD-2022-1002592 ext4: avoid cycles in directory h-tree
ext4: avoid cycles in directory h-tree. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit 6084240bfc44bf265ab6ae7d96980469b05be0f...
ALSA-2022:5344 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666); kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915)...
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
IGEL Universal Management Suite security vulnerability
The IGEL Universal Management Suite (IGEL UMS) is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite UMS version 6.07.100, which originates from the transmission ...
stella-tree.com Cross Site Scripting vulnerability OBB-2641582
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Path Traversal in django-s3file
Impact: It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the release of the patch. If the AWS_LOCATION setting...
Buyer can take from a seller an item they had not offered
Vulnerability details. Impact: Orders in Seaport can involve "criteria-based items", in which case it isn't one specific item that can fulfill the order but any one of a set of items. This set of items is the "criteria", and it is specified in the order as the merkle root of a merkle...
Verifying criteria is prone to known merkle proof attacks
Vulnerability details: The Merkle hash root does not indicate the tree depth, enabling a second-preimage attack in which an attacker creates a document other than the original that has the same Merkle hash root. For the example above, an attacker can create a new document containing...
Merkle Tree criteria can be resolved by wrong tokenIDs
Vulnerability details. Impact: The protocol allows specifying several tokenIds to accept for a single offer. A merkle tree is created out of these tokenIds and the root is stored as the identifierOrCriteria for the item. The fulfiller then submits the actual tokenId and a proof that...
Malicious code in csdn-tree (npm)
Source: ghsa-malware (deec9b7e940376980cf54f78695f6b5e89bdbcfa2afa4b705397b492ad815343). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2264 Malicious code in csdn-tree (npm)
Source: ghsa-malware (deec9b7e940376980cf54f78695f6b5e89bdbcfa2afa4b705397b492ad815343). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...