
7821 matches found

Positive Technologies
added 2023/08/08 12:0 a.m. · 5 views

PT-2023-9548

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description The issue is related to the command go env which outputs a shell script containing the Go environment. However, go env does not sanitize the values, allowing for various bad behaviors when its...

CVSS 10 · AI score 7.1 · EPSS 0.00833
Exploits 0 · References 53

Code423n4
added 2023/08/07 12:0 a.m. · 9 views

Functions Not Considering ERC20 Transaction Fees

Lines of code Vulnerability details Impact Some ERC20 tokens charge a transaction fee for every transfer used to encourage staking, add to liquidity pool, pay a fee to contract owner, etc. Sometimes this is not a problem but in the cases where the same value is passed to a state variable and to...

AI score 6.8
Exploits 0

CNNVD
added 2023/08/07 12:0 a.m. · 3 views

Insyde InsydeH2O Input Validation Error Vulnerability

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which stems from...

CVSS 5.5 · AI score 6.6 · EPSS 0.00172
Exploits 0 · References 3

Veracode
added 2023/08/06 2:27 p.m. · 19 views

Incorrect Authorization

gitlab is vulnerable to Incorrect Authorization. This allows a group maintainer to modify the group CI/CD variables resulting in an authorization issue...

CVSS 4.9 · AI score 6.8 · EPSS 0.00861
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2023/08/06 9:23 a.m. · 24 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because a user with the role of developer could use the import project feature to leak CI/CD variables...

CVSS 6.4 · AI score 6.7 · EPSS 0.00811
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/08/03 3:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...

CVSS 3.2 · AI score 6.7 · EPSS 0.00187
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/08/01 9:15 p.m. · 15 views

CVE-2023-31429

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of...

CVSS 5.5 · AI score 5.5 · EPSS 0.00205
Exploits 0 · References 2

Prion
added 2023/08/01 9:15 p.m. · 18 views

Design/Logic Flaw

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content ...

CVSS 1.7 · AI score 5.6 · EPSS 0.00205
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/08/01 8:20 p.m. · 13 views

CVE-2023-31429 Multiple commands print sensitive information in the terminal

Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of...

CVSS 5.5 · AI score 7 · EPSS 0.00205
Exploits 0 · References 2

Positive Technologies
added 2023/08/01 12:0 a.m. · 4 views

PT-2023-23317 · Brocade · Brocade Fabric Os

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.1.1c, 9.2.0 Description: The issue arises when using various commands such as chassisdistribute, reboot, rasman, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable, and...

CVSS 5.5 · AI score 7.5 · EPSS 0.00205
Exploits 0 · References 6

CNNVD
added 2023/08/01 12:0 a.m. · 4 views

Brocade Fabric OS Command Injection Vulnerability

Brocade Fabric OS (FOS) is an embedded operating system used in devices such as switches and routers from Brocade. A command injection vulnerability exists in Brocade Fabric OS, which stems from a security flaw in multiple commands that causes command execution to print the contents of shell...

CVSS 5.5 · AI score 7.7 · EPSS 0.00205
Exploits 0 · References 3

Code423n4
added 2023/07/28 12:0 a.m. · 7 views

NFTBoostVault is not a proper implementation/logic contract in upgradeability system

Lines of code Vulnerability details Impact As per the natspec comments in the NFTBoostVault contract, the NFTBoostVault contract "is Simple Proxy upgradeable which is the upgradeability system used for voting vaults in Council". This implies that this contract will be used as the...

AI score 7
Exploits 0

Cvelist
added 2023/07/25 8:51 p.m. · 21 views

CVE-2023-38493 Paths contain matrix variables bypass decorators

Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of t...

CVSS 7.5 · AI score 7.7 · EPSS 0.00588
Exploits 0 · References 3

Vulnrichment
added 2023/07/25 8:51 p.m. · 13 views

CVE-2023-38493 Paths contain matrix variables bypass decorators

Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of t...

CVSS 7.5 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 3

OSV
added 2023/07/25 8:51 p.m. · 28 views

CVE-2023-38493 Paths contain matrix variables bypass decorators

Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of t...

CVSS 7.5 · AI score 7.6 · EPSS 0.00588
Exploits 0 · References 5

Github Security Blog
added 2023/07/25 6:24 p.m. · 24 views

Paths contain matrix variables bypass decorators

Impact Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. In this situation, the Armeria decorators might not be invoked because of the matrix variables. Let's see the...

CVSS 7.5 · AI score 6.9 · EPSS 0.00588
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/07/25 6:24 p.m. · 2 views

GHSA-WVP2-9PPW-337J Paths contain matrix variables bypass decorators

Impact Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. In this situation, the Armeria decorators might not be invoked because of the matrix variables. Let's see the...

CVSS 7.5 · AI score 7 · EPSS 0.00588
Exploits 0 · References 6

Veracode
added 2023/07/25 2:12 a.m. · 61 views

Server-Side Template Injection (SSTI)

spring-boot-admin-server is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists because the mailNotifierTemplateEngine function of AdminServerNotifierAutoConfiguration.java does not properly implement the configuration for ClasspathResourceLoader, which allows an attacker ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00875
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2023/07/25 12:0 a.m. · 5 views

Armeria Security Vulnerability

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. A security vulnerability exists in versions of Armeria prior to 1.24.3, which stems from a vulnerability that allows the use of JettyService paths containing matrix variables to...

CVSS 7.5 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 4

BDU FSTEC
added 2023/07/24 12:0 a.m. · 4 views

The vulnerability of the xfrm_state_walk_done() function in the net/xfrm/xfrm_user.c module of the XFRM subsystem in the Linux operating system allows an attacker to compromise the integrity, confidentiality, or accessibility of data, or to enhance their privileges.

The vulnerability of the xfrm_state_walk_done() function in the net/xfrm/xfrm_user.c module of the XFRM subsystem in the Linux operating system is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to compromise the integrity, confidentiality, or...

CVSS 7.8 · AI score 6.5 · EPSS 0.00277
Exploits 0 · References 7 · Affected Software 1