4452 matches found
PYSEC-2023-76
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...
PT-2023-20335 · Vm2 +1 · Vm2 +1
Name of the Vulnerable Software and Affected Versions: jsreport versions prior to 3.11.3 Description: The issue is related to code injection in the jsreport GitHub repository. An attacker can exploit this to obtain authority over the jsreport playground server or construct a malicious webpage/htm...
The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, add, or delete data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 20223 Pwn2Own contest. Three have been given the severity rating "Important", with the last CVE-2023-20869 is classed as "Critical". Success! @starlabssg used an uninitialized...
CVE-2023-20870
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...
OpenJDK: Swing HTML parsing issue (8296832)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...
CVE-2023-20869
VMware Workstation 17.x and VMware Fusion 13.x contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...
VMware Workstation和VMware Fusion 缓冲区错误漏洞
VMware Workstation and VMware Fusion are both products of VMware, Inc. VMware Workstation is a suite of virtual machine software that provides the ability to run multiple different operating systems simultaneously. VMware Workstation is a suite of virtual machine software that provides the abilit...
VMware Workstation和VMware Fusion 缓冲区错误漏洞
VMware Workstation and VMware Fusion are both products of VMware, Inc. VMware Workstation is a suite of virtual machine software that provides the ability to run multiple different operating systems simultaneously. VMware Workstation is a suite of virtual machine software that provides the abilit...
CVE-2023-20870
CVE-2023-20870 describes an out-of-bounds read in VMware Workstation/Fusion Bluetooth device sharing. Affected products are VMware Workstation 17.x and VMware Fusion 13.x prior to the fixed releases. The known impact is potential reading of privileged information from the guest’s memory. VMware’s...
CVE-2023-30629
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...
PYSEC-2023-131
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...
CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...
CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.3.1 through 0.3.7, which stems from the Vyper compiler generating incorrect bytecode...
Release of a Technical Report into Intel Trust Domain Extensions
Today, members of Google Project Zero and Google Cloud are releasing a report on a security review of Intel's Trust Domain Extensions TDX. TDX is a feature introduced to support Confidential Computing by providing hardware isolation of virtual machine guests at runtime. This isolation is achieved...
CVE-2023-30612
Cloud Hypervisor (VM Monitor for cloud workloads) has a vulnerability (CVE-2023-30612) where an attacker with write access to the API socket can send crafted HTTP requests to close arbitrary open file descriptors, crashing the process and causing DoS; a Use-After-Free is also possible. Affected v...
Dell PowerPath Management Appliance Elevation of Privilege Vulnerability
The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. An elevation of privilege vulnerability exists in Dell PowerPath Management Appliance version 3.3, whic...
CVE-2023-21934
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...
PT-2023-2526 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c and 21c Description: The issue is related to insufficient input validation in the Java VM component of the Oracle Database Server. This can be exploited by a remote attacker to gain read, modify, add, or...