Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials Verizon DBIR, 2024. Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market toda...

GO-2024-3081 CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd

CWA-2024-006: wasmd non-deterministic modulequerysafe query in github.com/CosmWasm/wasmd...

Improper Validation Of Non-deterministic Behavior

github.com/cosmwasm/wasmd is vulnerable to Improper validation of non-deterministic behavior. The vulnerability is due to the incorrect marking of the SmartContractState query as safe, which may cause non-deterministic outcomes across different nodes. Attackers can potentially exploit this...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-2282)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmd 0.53.0 See CWA-2024-006 for more details...

GHSA-FPGJ-CR28-FVPX CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmd 0.53.0 See CWA-2024-006 for more details...

CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmd 0.53.0 See CWA-2024-006 for more details...

The AI Hangover is Here – The End of the Beginning

After a good year of sustained exuberance, the hangover is finally here. It's a gentle one for now, as the market corrects the share price of the major players like Nvidia, Microsoft, and Google, while other players reassess the market and adjust priorities. Gartner calls it the trough of...

SUSE-SU-2024:2546-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-28835: Fixed a certtool crash when verifying a certificate chain bsc1221747. - CVE-2024-28834: Fixed a side-channel attack in the deterministic ECDSA bsc1221746. Other fixes: - Fixed a memory leak when using the entropy collector...

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2024-1884)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1869)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in Be.Vlaandereո.Basisregіsters.Generators.Guid.Deterministic (NuGet)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-4127 Malicious code in Be.Vlaandereո.Basisregіsters.Generators.Guid.Deterministic (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in Be.Vlaandereո.Basisregіsters.Generаtors.Guiԁ.Deterministic (NuGet)

--- -= Per source details. Do not edit below this line.=-...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leadi...

kernel-rt security and bug fix update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

CLSA-2024-1717692967 libxml2: Fix of 2 CVEs

CVE-2023-29469: dict.c: fix non-deterministic hashing of empty dict strings - CVE-2023-28484: fix NULL pointer dereferences in xmlSchemaFixupComplexType and xmlSchemaCheckCOSSTDerivedOK...

Out-of-Bounds-Read

org.iq80.snappy: snappy is vulnerable to Out-of-Bounds-Read. The vulnerability is due to the usage of the JDK class sun.misc.Unsafe to speed up memory access without performing additional bounds checks, which can result in non-deterministic behavior or a JVM crash...

CVE-2024-36124

A flaw was found in the iq80 Snappy compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed, and thi...