Lucene search

156 matches found

Vulnrichment
added 2023/06/08 11:5 p.m. | 8 views

CVE-2023-34112 JavaCPP project actions vulnerable to code injection

JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the github.event.head_commit.message parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection...

4.3 CVSS | 7.4 AI score | 0.0192 EPSS
Exploits 1 | References 2

Code423n4
added 2023/05/04 12:0 a.m. | 6 views

A staker with verified over-commitment can potentially bypass slashing completely

Lines of code Vulnerability details Description In EigenLayer, watchers submit over-commitment proof in the event a staker's balance on the Beacon chain falls below the minimum restaked amount per validator. In such a scenario, stakers’ shares are decreased by the restaked amount. Note that when ...

6.7 AI score
Exploits 0

Code423n4
added 2023/05/04 12:0 a.m. | 9 views

Staker can bypass the debt accrued via beaconChainETHSharesToDecrementOnWithdrawal by transferring shares to another address

Lines of code Vulnerability details Description When a staker is verified to have over-committed and the over-committed amount is greater than their outstanding shares, they accrue a debt that is captured by beaconChainETHSharesToDecrementOnWithdrawal. This debt eventually gets settled when the...

6.8 AI score
Exploits 0

SUSE CVE
added 2023/02/15 3:53 a.m. | 0 views

SUSE CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

7.5 CVSS | 8.7 AI score | 0.00901 EPSS
Exploits 0 | References 3

Code423n4
added 2023/01/19 12:0 a.m. | 8 views

commitment.lienRequest.strategy.vault can be different from the actual vault

Lines of code Vulnerability details Impact The protocol doesn't check that commitment.lienRequest.strategy.vault is equal to the actual vault. The problem with this is that commitment.lienRequest.strategy.vault and vault might be using 2 different tokens. The borrower gets the token of the actual...

6.9 AI score
Exploits 0

Code423n4
added 2023/01/19 12:0 a.m. | 3 views

A user can use the same proof for a commitment more than 1 time

Lines of code Vulnerability details Impact A user can use the same commitment signature and merkleData more than 1 time to obtain another loan. Proof of Concept A user needs to make some procedures to take a loan against an NFT. Normally the user calls commitToLiens in AstariaRouter.sol providing...

6.7 AI score
Exploits 0

Rapid7 Blog
added 2022/11/10 5:30 p.m. | 14 views

Culture Fitness

Have you checked in on the overall health of your team lately? What would a new hire think of your current team? Companies all over the world – particularly those of the higher-profile variety – tout their positive cultures and how great it is to be part of the team. This is especially true in th...

0.1 AI score
Exploits 0

Rapid7 Blog
added 2022/07/01 2:42 p.m. | 10 views

Rapid7 Belfast Recognized for “Company Connection” During COVID-19 Pandemic

Irish News has recognized Rapid7 in its Workplace and Employment Awards, where we’ve taken home the trophy for Best Company Connection. Reflecting on the past two years, this award recognizes the organization that best demonstrates how it has adapted its workplace well-being strategy to the...

7.3 AI score
Exploits 0

Openbugbounty
added 2022/02/08 5:59 p.m. | 5 views

walkinshowers.org Cross Site Scripting vulnerability OBB-2365702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

OSV
added 2021/06/30 12:2 a.m. | 11 views

UVI-2021-1000868 isdn: mISDN: netjet: Fix crash in nj_probe:

isdn: mISDN: netjet: Fix crash in nj_probe: This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.195 by commit...

7.2 AI score
Exploits 0

OSV
added 2021/05/24 6:15 p.m. | 1 views

CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

7.5 CVSS | 7.3 AI score | 0.00901 EPSS
Exploits 0 | References 3

NVD
added 2021/05/24 6:15 p.m. | 16 views

CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

7.5 CVSS | 0.00901 EPSS
Exploits 0 | References 3

UbuntuCve
added 2021/05/24 6:15 p.m. | 25 views

CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

7.5 CVSS | 7.2 AI score | 0.00901 EPSS
Exploits 0 | References 4

OSV
added 2021/05/24 6:15 p.m. | 1 views

UBUNTU-CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

7.5 CVSS | 7.3 AI score | 0.00901 EPSS
Exploits 0 | References 5

Prion
added 2021/05/24 6:15 p.m. | 18 views

Authentication flaw

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

2.9 CVSS | 7.6 AI score | 0.00901 EPSS
Exploits 0 | References 3 | Affected Software 2

CVE
added 2021/05/24 5:34 p.m. | 109 views

CVE-2020-26556

CVE-2020-26556 refers to the Bluetooth Mesh provisioning weakness in Mesh Profile 1.0/1.0.1 where a nearby attacker could brute‑force an insufficiently random AuthValue and, during provisioning, leverage a Malleable Commitment to complete authentication. The description states this can occur befo...

7.5 CVSS | 7.7 AI score | 0.00901 EPSS
Exploits 0 | References 3 | Affected Software 2

Debian CVE
added 2021/05/24 5:34 p.m. | 24 views

CVE-2020-26556

Removed by vendor...

7.5 CVSS | 7.9 AI score | 0.00901 EPSS
Exploits 0

Cvelist
added 2021/05/14 7:21 p.m. | 17 views

CVE-2021-29604 Division by zero in TFLite's implementation of hashtable lookup

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115) ...

2.5 CVSS | 5.6 AI score | 0.00009 EPSS
Exploits 1 | References 2

Malwarebytes
added 2020/07/17 3:0 p.m. | 32 views

How exposed are you to cybercrime?

No country, business, or person is immune to cybercrime, and as the Internet's influence on our daily lives grows exponentially, so will the level of malicious activity throughout the world. An ever-changing cyber landscape will always carry with it new threats, but are they the same for everyone?...

7.3 AI score
Exploits 0

Akamai Blog
added 2020/06/04 4:30 p.m. | 26 views

Respect and Equal Protection For Everyone

We are profoundly distressed by the racism, bigotry and violence committed against people of color in our society and by public institutions. Here at Akamai, we have no tolerance for discrimination. We value our diversity. It is a strength of our organization. And in a moment when many people are...

0.6 AI score
Exploits 0