8751 matches found

OpenVAS
added 2022/07/28 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2022:2565-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS | 6.8 AI score | 0.02413 EPSS
Exploits: 0 | References: 4
Huntr
added 2022/07/27 4:27 p.m. | 10 views

Path traversal in unjs/storage leads to code injection due to unsanitized code generation

Path Traversal A path traversal vulnerability exists within unjs/unstorage when using the file system storage driver. This vulnerability can be exploited when the user has control over the key name. By creating key names containing sequences of ../ or ..: we can navigate the file system. We are...

7.2 AI score
Exploits: 0 | References: 3
RedHat Linux
added 2022/07/25 6:48 p.m. | 60 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5 CVSS | 6.7 AI score | 0.17673 EPSS
Exploits: 2 | References: 8
OpenVAS
added 2022/07/25 12:0 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2022:2540-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.6 AI score | 0.46677 EPSS
Exploits: 6 | References: 12
OpenVAS
added 2022/07/25 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2022:2522-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 6.5 AI score | 0.01259 EPSS
Exploits: 0 | References: 4
AlmaLinux
added 2022/07/25 12:0 a.m. | 39 views

Important: java-1.8.0-openjdk security, bug fix, and enhancement update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084776 Security Fixes: OpenJDK: integer truncation issue in...

7.5 CVSS | 7.1 AI score | 0.17673 EPSS
Exploits: 2 | References: 8
NVD
added 2022/07/22 4:15 a.m. | 24 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS | 0.00413 EPSS
Exploits: 0 | References: 2
Prion
added 2022/07/22 4:15 a.m. | 17 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

5 CVSS | 7.4 AI score | 0.00413 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/07/21 2:0 p.m. | 16 views

CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

7.5 CVSS | 7.4 AI score | 0.00648 EPSS
Exploits: 0 | References: 4
CVE
added 2022/07/21 1:55 p.m. | 97 views

CVE-2022-31172

OpenZeppelin Contracts (library) is affected by CVE-2022-31172 in versions 4.1.0–4.7.1, where SignatureChecker.isValidSignatureNow may revert due to an incorrect assumption about Solidity 0.8 ABI decoding, especially when a target contract does not implement EIP-1271 as expected. The vulnerabilit...

7.5 CVSS | 7.4 AI score | 0.00413 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/07/21 1:55 p.m. | 32 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS | 7.3 AI score | 0.00413 EPSS
Exploits: 0 | References: 4
Talos Blog
added 2022/07/21 12:0 p.m. | 375 views

Attackers target Ukraine using GoMet backdoor

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...

10 CVSS | 0.4 AI score | 0.99999 EPSS
Exploits: 69
OSV
added 2022/07/21 10:55 a.m. | 9 views

MAL-2022-4142 Malicious code in kenticodevelopmentconfiguration (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36d3f0d529878ae211cea487201400019121f904c7564de5cf47ab714b38dcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
Fedora
added 2022/07/20 1:40 a.m. | 29 views

[SECURITY] Fedora 35 Update: origin-3.11.2-6.fc35

OpenShift Origin is a distribution of Kubernetes optimized for enterprise application development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle...

9.3 CVSS | 8.9 AI score | 0.05335 EPSS
Exploits: 4
RedHat Linux
added 2022/07/19 9:7 p.m. | 4 views

Important: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase...

9.8 CVSS | 6.7 AI score | 0.21514 EPSS
Exploits: 5 | References: 1
Fedora
added 2022/07/17 1:16 a.m. | 41 views

[SECURITY] Fedora 35 Update: golang-github-shopify-toxiproxy-2.1.4-10.fc35

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...

9.3 CVSS | 8.2 AI score | 0.05994 EPSS
Exploits: 3
Fedora
added 2022/07/17 1:15 a.m. | 24 views

[SECURITY] Fedora 35 Update: golang-github-hashicorp-hclog-0.15.0-5.fc35

Go-hclog is a package for Go that provides a simple key/value logging interface for use in development and production environments...

9.3 CVSS | 8.1 AI score | 0.05994 EPSS
Exploits: 4
CVE
added 2022/07/15 5:50 p.m. | 90 views

CVE-2022-31153

OpenZeppelin Contracts for Cairo (v0.2.0) contains a bug that renders account contracts unusable on live networks. The issue affects all accounts (vanilla and Ethereum flavors) in the v0.2.0 release and only Goerli deployments are affected; StarkNet’s testing framework does not exhibit the faulty...

6.5 CVSS | 6.4 AI score | 0.01115 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
CNVD
added 2022/07/13 12:0 a.m. | 24 views

Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Security Feature Issue Vulnerability (CNVD-2022-84616)

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for C/C++ applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...

9.8 CVSS | 0.9 AI score | 0.00918 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2022/07/13 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2022:2375-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 8 AI score | 0.00573 EPSS
Exploits: 0 | References: 5