8 matches found
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...
Oracle releases massive Critical Patch Update containing 520 security patches
Oracle has issued a Critical Patch Update which contains 520 new security patches across various product families. A few of these updates may need your urgent attention if you are a user of the affected product. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities a...
FISCO BCOS Input Validation Error Vulnerability
FISCO BCOS is an underlying blockchain platform. FISCO-BCOS suffers from an input validation error vulnerability that stems from a possible bug in the blockchain node's handling of unformatted packets, which can lead to a crash...
Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12
Summary There were several security problems found with various/other releases of Golang. We have moved the Golang provided in IBP components and also the Golang used to compile Go-based components in IBP to version 1.14.12. Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could...
Security Bulletin: IBP javaenv and dind images
Summary Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID: CVE-2020-1953...
Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.
Summary The version of Gradle shipped in the Fabric java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the google oauth client. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...
SQL Injection Vulnerability in Haitong Blockchain Trading Platform
Haitong Network is an architecture service provider specializing in trading systems. The company has a multi-currency BTC trading platform, wallet blockchain, block browser system and more than a dozen sets of perfect and professional industry systems. SQL injection vulnerability exists in Haiton...
Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System
Security researchers have discovered a series of new vulnerabilities in the EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as...