SUSE CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation...

CVE-2022-39394

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the wasmtimetrapcode does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2427)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...

MGASA-2022-0227 Updated docker-containerd packages fix security vulnerability

A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

Twitter Warns Developers of API Bug That Exposed App Keys, Tokens

Twitter developers are being warned of a security bug that may have exposed their applications’ credential information – including sensitive application keys and access tokens. The issue stemmed from a caching issue in developer.twitter.com. When developers visited this website, it temporarily...

openSUSE Security Update : virtualbox (openSUSE-2020-1511)

This update for virtualbox fixes the following issues : Version Bump to 6.0.24 released July 14 2020 by Oracle This is a maintenance release. The following items were fixed and/or added : - API: Fix unintentionally enabled audio due to a settings file version dependent bug - VBoxManage: Fix crash...

A week in security (December 10 – 16)

Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...

Google Accelerates Google+ Shutdown After New Bug Discovered

The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said Monday. Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in...

Doorkeeper gem does not revoke token for public clients

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...

Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim

Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...

Instagram API Bug Could Allow Malware Downloads

A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust...

kernel security and bug fix update

2.6.9-78.0.17.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon wit...

kernel security and bug fix update

2.6.9-67.0.22.0.1.EL - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon wit...