4420 matches found
[SECURITY] Fedora 37 Update: python3-docs-3.11.5-1.fc37
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406 with details below. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP head...
Apache HDFS Provider error message suggested
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...
CVE-2023-41267
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...
Code injection
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...
CVE-2023-41267 Apache HDFS Provider error message suggested installation of incorrect pip package
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...
BELL-CVE-2023-3301
Bulletin has no description...
Fedora: Security Advisory for python3-docs (FEDORA-2023-3d13b093d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: python3-docs-3.11.5-1.fc38
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.el8 - vhost-scsi: Fix alignment handling with windows Mike Christie Orabug: 35769318 - Revert 'vhost/scsi: support non zerocopy iovecs' Rajan Shanmugavelu Orabug: 35769318 5.4.17-2136.323.7.el8 - x86: change default to specstorebypassdisable=prctl spectrev2user=prctl Andrea...
The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault
Lines of code Vulnerability details Impact The roerouter hard-coded address error causes all fee funds to be sent to the treasury instead of the vault. This will reduce the capital utilization rate, because the fee should be added to the LP to earn interest, but now because the vault address cann...
Lack of access control lets anyone rescind any delegate token
Lines of code Vulnerability details Impact There is no access control for the function rescind, thus 1 it lets anyone rescind any token, either he is the owner or not and 2 the documentation does not adhere to the current implementation. Proof of Concept The documentation above the definition of...
Metasploit Weekly Wrap-Up
New module content 4 Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: 18286 contributed by cudalac Path: auxiliary/gather/roundcubeauthfileread AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to...
Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service due to [CVE-2022-28948]
Summary Go-Yaml is used internally by IBM App Connect Enterprise Certified Container for reading YAML configuration. IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...
Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1
Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...
CVE-2021-36646
creationtimestamp| type| source ---|---|--- 2023-09-06 20:17:48+00:00| seen| https://t.me/cibsecurity/70018 2025-05-21 12:38:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-36646.yaml 2025-05-22 21:02:16+00:00| seen|...
Transfering Bonds would create confusion among delegators because of non-deletion of unbondingLocks & assigning all the new delegators the same unbounding id
Lines of code Vulnerability details transferBond function is used to transfers ownership of a bond to a new delegator using optional hints if needed. Here the old unbound lock is deleted after creating a new one in unbondWithHint function. But the problem lies in the delete operation as it does n...
The function does not restrict who can call it beyond the check for the delegator's status
Lines of code Vulnerability details Impact Access Control: The function does not restrict who can call it beyond the check for the delegator's status i.e., it must be Bonded. If there are additional constraints on who should be able to call this function e.g., only the original delegator, those...
Debian dla-3552 : gstreamer1.0-plugins-ugly - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3552 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3552-1 [email protected] https://www.debian.org/lts/security/...