Iterations over all tiers in recordMintBestAvailableTier can render system unusable

Lines of code Vulnerability details Impact JBTiered721DelegateStore.recordMintBestAvailableTier potentially iterates over all tiers to find the one with the highest contribution floor that is lower than amount. When there are many tiers, this loop can always run out of gas, which will cause some...

Oracle Auditing Part 3: Unified Auditing

This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...

Faraday v3.0 - Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster Architecture changes and a new...

Faraday Beta v3.0 - Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster Architecture changes and a new...

Third-Party Software Library Risks Scrutinized at Black Hat

Enterprise application developers are under real pressures to push projects out the door quickly and cheaply, and each new version certainly has to be better than the last. This forces them to make decisions that, at a minimum, improve efficiency—and also introduce additional risks. Of particular...

Qualcomm missing checks put_user get_user

Missing access checks in putuser/getuser kernel API CVE-2013-6282 QCIR-2013-00010-1: The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain...