MID-Risk Vulnerabilities in the Axelar Smart Contracts

Lines of code Vulnerability details Impact The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to: Gain control of the Axelar network by proposing and voting on malicious proposals. Mint or burn...

Fedora: Security Advisory for php (FEDORA-2023-2b7eeaaee5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for editorconfig (FEDORA-2023-6e5d4757df)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: editorconfig-0.12.6-1.fc37

EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...

Sql injection

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...

CVE-2023-32308 SQL Injection Vulnerability in anuko timetracker

anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...

Product Security: Harnessing the Collective Experience and Collaborative Tools in DevSecOps

In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villain...

How to Teach Your Child Coding: A Gift for Their Digital Future

By Owais Sultan Let's code, kids! This is a post from HackRead.com Read the original post: How to Teach Your Child Coding: A Gift for Their Digital Future...

OSV-2023-257 Global-buffer-overflow in read_coding_unit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57566 Crash type: Global-buffer-overflow READ 1 Crash state: readcodingunit readcodingquadtree readcodingquadtree...

Hard coding ChainID is error prone

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

referralRegisterTickets there is an inaccurate calculation of the total number of tickets for referrers

Lines of code Vulnerability details Impact There is an inaccurate total ticket count for referrers, that is, when the number of unclaimed tickets for referrers has reached the minimum EligibleReferralscurrentDraw, but when the number of referrer tickets is added to the new number of tickets will...

Debian: Security Advisory (DLA-1178-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1179-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2023-24752

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ffhevcputhevcepelpixels8sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

Application Security vs. API Security: What is the difference?

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs Application Programming Interfaces. With that said, application security and API security are two critical components of a...

U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████

A directory traversal vulnerability was discovered in the downloadForm endpoint of a web application, allowing an attacker to read files on the system by adding "../" to the filename parameter. This could potentially lead to the disclosure of sensitive information or system compromise. The...

K17251: Apache vulnerability CVE-2015-3183

Security Advisory Description The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values...

K15650046: Tcl code injection security exposure

Security Advisory Description Certain coding practices may allow an attacker to inject arbitrary Tool Command Language Tcl commands, which can be executed in the security context of the target Tcl script by the running Tcl interpreter. Note: This issue affects any user-supplied Tcl code executed ...

SUSE CVE-2011-4516

Heap-based buffer overflow in the jpccoxgetcompparms function in libjasper/jpc/jpccs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted numrlvls value in a coding style default COD marker segment in a JPEG2000 file...

SUSE CVE-2012-5132

Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service application crash via a response with chunked transfer coding...