1529 matches found

OSV
added 2024/03/12 3:50 p.m. | 8 views

GHSA-95RX-M9M5-M94V ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions

ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions Component: Cosmos SDK Criticality: High Affected Versions: Cosmos SDK versions = 0.50.4, on 0.50 branches Affected Users: Chain developers, Validator and Node operators Impact: Elevation of Privilege...

7.1 CVSS | 6.7 AI score
Exploits: 0 | References: 4

OpenVAS
added 2024/03/08 12:0 a.m. | 22 views

Fedora: Security Advisory for openjfx (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

8.8 CVSS | 9.2 AI score | 0.45835 EPSS
Exploits: 3 | References: 2

Fedora
added 2024/03/07 10:33 p.m. | 15 views

[SECURITY] Fedora 40 Update: openjfx-17.0.11.0-2.fc40

JavaFX/OpenJFX is a set of graphics and media APIs that enables Java developers to design, create, test, debug, and deploy rich client applications that operate consistently across diverse platforms. The media module has been removed due to missing dependencies...

8.8 CVSS | 6.9 AI score | 0.45835 EPSS
Exploits: 3

OSV
added 2024/03/06 11:19 a.m. | 18 views

BIT-GITLAB-2021-22252

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...

6.5 CVSS | 5.9 AI score | 0.00266 EPSS
Exploits: 0 | References: 4

The Hacker News
added 2024/02/29 8:17 a.m. | 18 views

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

7.3 AI score
Exploits: 0

Prion
added 2024/02/21 5:15 p.m. | 38 views

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an...

5 CVSS | 7.2 AI score | 0.00462 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2024/02/21 5:15 p.m. | 37 views

CVE-2024-26130

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an...

7.5 CVSS | 6.7 AI score | 0.00462 EPSS
Exploits: 0 | References: 5

Debian CVE
added 2024/02/21 4:28 p.m. | 51 views

CVE-2024-26130

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an...

7.5 CVSS | 5.9 AI score | 0.00462 EPSS
Exploits: 0

GitHub Security Blog
added 2024/02/21 12:13 a.m. | 13 views

ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`

ASA-2024-002: Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool Component: Cosmos SDK Criticality: Medium Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of...

6.6 AI score
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/02/21 12:13 a.m. | 12 views

GHSA-2557-X9MG-76W8 ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`

ASA-2024-002: Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool Component: Cosmos SDK Criticality: Medium Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of...

5.3 CVSS | 6.6 AI score
Exploits: 0 | References: 6

GitHub Security Blog
added 2024/02/21 12:12 a.m. | 9 views

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

6.5 AI score
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/02/21 12:12 a.m. | 9 views

GHSA-4J93-FM92-RP4M ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

6.5 CVSS | 6.5 AI score
Exploits: 0 | References: 5

The Hacker News
added 2024/02/20 12:30 p.m. | 37 views

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...

9.8 CVSS | 7.7 AI score | 0.06145 EPSS
Exploits: 0

Fedora
added 2024/02/17 12:57 a.m. | 18 views

[SECURITY] Fedora 39 Update: python-cryptography-41.0.7-1.fc39

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

7.5 CVSS | 6.9 AI score | 0.01255 EPSS
Exploits: 1

Tenable Nessus
added 2024/02/09 12:0 a.m. | 48 views

FreeBSD : Composer -- Code execution and possible privilege escalation (33ba2241-c68e-11ee-9ef3-001999f8d30b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33ba2241-c68e-11ee-9ef3-001999f8d30b advisory. - Composer is a dependency Manager for the PHP language. In affected versions several files within the...

8.8 CVSS | 8.2 AI score | 0.00128 EPSS
Exploits: 0 | References: 3

CNNVD
added 2024/02/08 12:0 a.m. | 3 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition Premium, Ultimate 16.4.3, 16.5.3, and 16.6.1 versions, which stems from a project that uses subgroups to define who can push or merge in...

6.5 CVSS | 6.7 AI score | 0.00026 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/02/02 12:0 a.m. | 2 views

MRCMS Security Vulnerabilities

MRCMS is a content management system from the individual developers at marker. A security vulnerability exists in MRCMS version 3.0 that stems from not filtering the incoming path parameter...

7.5 CVSS | 6.8 AI score | 0.00139 EPSS
Exploits: 1 | References: 2

Wallarm Lab
added 2024/01/29 12:32 p.m. | 25 views

OWASP Mobile Top 10

Unraveling the Key Components of the Renowned OWASP Mobile Top 10 Index. The altruistic initiative, Open Network Application Defense Plan (ONADP), spearheads a cluster of operations in its mission to enhance the level of software protection. A cardinal tool emerging from their efforts, The OWASP...

7.7 AI score
Exploits: 0

Fedora
added 2024/01/20 3:24 a.m. | 14 views

[SECURITY] Fedora 38 Update: sos-4.6.1-1.fc38

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

7 AI score
Exploits: 0

Fedora
added 2024/01/20 3:23 a.m. | 18 views

[SECURITY] Fedora 39 Update: sos-4.6.1-1.fc39

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

7 AI score
Exploits: 0