98 matches found
Xen: x86: BTC/SRSO Fixes Not Fully Effective (XSA-446)
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe as it was believed that the mitigations were always operated in contexts with IRQs disabled. However due to an unanticipated interaction with XSA-254 Meltdown, a race condition exists whereb...
Fedora 38 : xen (2023-56901a79a1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-56901a79a1 advisory. x86/AMD: mismatch in IOMMU quarantine page table levels XSA-445, CVE-2023-46835 x86: BTC/SRSO fixes not fully effective XSA-446, CVE-2023-46836...
SUSE-SU-2023:4486-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels XSA-445 bsc1216654. - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective XSA-446 bsc1216807...
SUSE-SU-2023:4485-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels XSA-445 bsc1216654. - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective XSA-446 bsc1216807...
SUSE-SU-2023:4484-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels XSA-445 bsc1216654. - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective XSA-446 bsc1216807...
SUSE-SU-2023:4476-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero XSA-439 bsc1215474. - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests XSA-438 bsc1215145. - CVE-2023-34325: Multiple vulnerabilities in...
SUSE-SU-2023:4466-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels XSA-445 bsc1216654. - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective XSA-446 bsc1216807...
x86: BTC/SRSO fixes not fully effective
ISSUE DESCRIPTION The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabl...
MAL-2023-1550 Malicious code in btc-api-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f59f6e40fe31bd4d5d4aa5da8bc0d032e2bbff9166104dc707c2987f953a5d93 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
2 Russians charged in Mt. Gox Bitcoin heist and BTC-e money laundering
By Habiba Rashid Accused individuals allegedly conspired to launder around 647,000 stolen Bitcoins from Mt. Gox, leading to its collapse. This is a post from HackRead.com Read the original post: 2 Russians charged in Mt. Gox Bitcoin heist and BTC-e money laundering...
Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack
The U.S. Department of Justice DoJ has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accuse...
Satacom delivers browser extension that steals cryptocurrency
Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...
com.btc.ep:btc-embeddedplatform (>=2.5.8 <=2.5.9), org.jenkins-ci.plugins:qmetry-for-jira-test-management (>=1.11 <=1.26) potentially affected by CVE-2023-32981 via org.jenkins-ci.plugins:pipeline-utility-steps (=1.1.1)
org.jenkins-ci.plugins:pipeline-utility-steps MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:pipeline-utility-steps and may be impacted: - com.btc.ep:btc-embeddedplatform =2.5.8, =1.11, =1.26 Source cves:...
Upgraded Q -> M from #598 [1674741102558]
Judge has assessed an item in Issue 598 as M risk. The relevant finding follows: 2.minDepositAmount When the asset is btc, the minDepositAmount is too large when asset == btc , minDepositAmount = 0.1 btc , equal 2000 usd suggest: function minDepositAmount public view virtual overrideERC4626Cloned...
Data of Israeli Employees from 29 Logistics Firms Sold Online
By Waqas The 50GB worth of data is currently being sold on two clear web forums with a price tag of 1 BTC per database. This is a post from HackRead.com Read the original post: Data of Israeli Employees from 29 Logistics Firms Sold Online...
com.btc.ep:btc-embeddedplatform (>=2.5.8 <=2.5.9), org.jenkins-ci.plugins:qmetry-for-jira-test-management (>=1.11 <=1.26) potentially affected by CVE-2022-45381 via org.jenkins-ci.plugins:pipeline-utility-steps (=1.1.1)
org.jenkins-ci.plugins:pipeline-utility-steps MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:pipeline-utility-steps and may be impacted: - com.btc.ep:btc-embeddedplatform =2.5.8, =1.11, =1.26 Source cves:...
com.bmc.ims:bmc-cfa (=198.vfe106798d1a6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +158 more potentially affected by CVE-2022-43409 via org.jenkins-ci.plugins.workflow:workflow-support (>=0.1-beta-1 <=819.v37d707a_71d9b_)
org.jenkins-ci.plugins.workflow:workflow-support MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.0, =1.3.0, =320.v5a0933ae7d61, =1.0, =1.0, =0.9.0, =1.0, =1.20 and more Source cves: CVE-2022-43409 Source advisory: OSV:GHSA-64R9-X74Q-WXMH...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +39 more potentially affected by CVE-2022-43401 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2660.vb_c0412dc4e6d)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-43401 Source advisory: OSV:GHSA-7VR5-72W7-Q6JC...
Popular YouTuber Scuba Jake’s channel hacked to run crypto scam
By Waqas Scuba Jake, whose real name is Jake Koehler, had his YouTube channel "DALLMYD" with 13 million subscribers hacked to steal 1.01 BTC. This is a post from HackRead.com Read the original post: Popular YouTuber Scuba Jakes channel hacked to run crypto scam...
Exploit for Code Injection in Wptaskforce Wpcargo_Track_\&_Trace
CVE-2021-25003 !made-with-pythonhttps://img.shields.io/bad...