4420 matches found
Adding balance to accumulator does not depend on the current drawId, while documentation says it does
Lines of code Vulnerability details Impact In the documentation, the protocol states that: To compute the allocated contribution for a draw d we'd compute the integral of the curve $c_d = -t \ln\alpha \cdot \alpha^{d}$ from the last draw $d_{old}$ to $d_{new}$, which is equal to $-t\,\alpha^{d_{old}} + t\,\alpha^{d_{new}}$. Which clearly shows that contribution on...
Metasploit Weekly Wrap-Up
Apache RocketMQ We saw some great teamwork this week from jheysel-r7 and h00die to bring you an exploit module for CVE-2023-33246. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without...
How Qualys Drives PCI DSS 4.0 Compliance for File Integrity Monitoring
The Payment Card Industry Data Security Standard (PCI DSS) is a well-known rule for compliance by merchants and entities involved in payment card processing. The new PCI DSS 4.0 standard specifies a broad range of technical and process requirements to ensure the safety of payment cardholder data or...
PYSEC-2023-107
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to containerd security bypass and denial of service vulnerabilities (CVE-2023-25173, CVE-2023-25153)
Summary Potential containerd security bypass and denial of service vulnerabilities (CVE-2023-25173, CVE-2023-25153) have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID: CVE-2023-25173 DESCRIPTIO...
BranchBridgeAgent invokes anyCall with PAY ON SOURCE but doesn't send value with it. All calls will fail.
Lines of code Vulnerability details Impact IAnycallProxy.anyCall operates under one of two modes of taking fees, namely fees are taken either on source or on the destination chain. Fee mode is decided by the caller with an appropriate value of the fourth parameter, i.e. uint256 flag. Values 0,4...
maxSupply in esLBR.sol is wrong
Lines of code Vulnerability details Impact Proof of Concept As mentioned in the docs in line 6 in esLBR.sol contract, the maximum supply will be 55 million. - The maximum amount that can be minted through the esLBRMinter contract is 55 million. But the maximum supply is hardcoded 100 million in...
Wrong proposalThreshold amount in LybraGovernance.sol
Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...
Virtuozzo Hybrid Infrastructure 5.4 Update 3 (5.4.3-100)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover core storage, the system configuration, updates, documentation, and the compute services. Additionally, this release delivers stability improvements and addresses issues found in previous releases...
Exploit for Deserialization of Untrusted Data in Spip
Installation and Execution of the Script 💻 Prerequisites Before...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Go [CVE-2023-24539 and CVE-2023-24540]
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote code injection due to Go CVE-2023-24539 and CVE-2023-24540, with details below. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerabl...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)
Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to Golang Go vulnerability (PRISMA-2022-0270)
Summary Golang Go is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details IBM X-Force ID: 250518 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a token...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to YAML denial of service (CVE-2023-2251)
Summary YAML is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-2800]
Summary Hugging Face Transformers is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information t...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2023-34104]
Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container for parsing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution due to [CVE-2023-26920]
Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container for parsing XML data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator are vulnerable to [CVE-2023-24532]
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to an unspecified error due to an error in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go. This bulletin provides patch information to address the reported vulnerability in Golang...
Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...