8751 matches found
SUSE: Security Advisory (SUSE-SU-2022:2565-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Path traversal in unjs/storage leads to code injection due to unsanitized code generation
Path Traversal: A path traversal vulnerability exists within unjs/unstorage when using the file system storage driver. This vulnerability can be exploited when the user has control over the key name. By creating key names containing sequences of ../ or ..: we can navigate the file system. We are...
Important: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE: Security Advisory (SUSE-SU-2022:2540-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:2522-1)
The remote host is missing an update for the...
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084776 Security Fixes: OpenJDK: integer truncation issue in...
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
Design/Logic Flaw
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVE-2022-31172
OpenZeppelin Contracts (library) is affected by CVE-2022-31172 in versions 4.1.0–4.7.1, where SignatureChecker.isValidSignatureNow may revert due to an incorrect assumption about Solidity 0.8 ABI decoding, especially when a target contract does not implement EIP-1271 as expected. The vulnerabilit...
CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...
Attackers target Ukraine using GoMet backdoor
Executive summary: Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software...
MAL-2022-4142 Malicious code in kenticodevelopmentconfiguration (npm)
Source: ghsa-malware (d36d3f0d529878ae211cea487201400019121f904c7564de5cf47ab714b38dcd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 35 Update: origin-3.11.2-6.fc35
OpenShift Origin is a distribution of Kubernetes optimized for enterprise application development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle...
Important: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase...
[SECURITY] Fedora 35 Update: golang-github-shopify-toxiproxy-2.1.4-10.fc35
Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...
[SECURITY] Fedora 35 Update: golang-github-hashicorp-hclog-0.15.0-5.fc35
Go-hclog is a package for Go that provides a simple key/value logging interface for use in development and production environments...
CVE-2022-31153
OpenZeppelin Contracts for Cairo (v0.2.0) contains a bug that renders account contracts unusable on live networks. The issue affects all accounts (vanilla and Ethereum flavors) in the v0.2.0 release and only Goerli deployments are affected; StarkNet’s testing framework does not exhibit the faulty...
Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Security Feature Issue Vulnerability (CNVD-2022-84616)
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for C/C++ applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...
SUSE: Security Advisory (SUSE-SU-2022:2375-1)
The remote host is missing an update for the...