The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to carry out spoofing attacks.
The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to information representation errors in the user interface. This vulnerability allows a remote attacker to perform spoofing attacks...
SUSE: Security Advisory (SUSE-SU-2023:4224-1)
The remote host is missing an update for the...
The vulnerability of Firefox ESR and the Thunderbird email client, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Firefox ESR and the Thunderbird email client is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created link...
The vulnerability of the Linux operating system’s kernel, caused by synchronization errors when using shared resources, allows a hacker to execute arbitrary code.
The vulnerability of the Linux operating system’s kernel arises from synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of Juniper Networks’ Junos OS routers of the SRX series, related to errors during authentication, allows attackers to circumvent Juniper’s Deep Packet Inspection (JDPI) rules.
The vulnerability of Juniper Networks’ Junos OS routers of the SRX series is related to errors during authentication processes. Exploiting this vulnerability can allow a malicious actor to bypass Juniper’s Deep Packet Inspection (JDPI) rules...
The vulnerability of the “//line” directive in the Go programming language allows an attacker to execute arbitrary code.
The vulnerability of the “//line” directive in the Go programming language is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Android operating system’s kernel allows attackers to escalate their privileges.
The vulnerability of the Android operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to escalate their privileges...
SUSE: Security Advisory (SUSE-SU-2023:4212-1)
The remote host is missing an update for the...
SUSE-SU-2023:4214-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Updated to version 115.4.0 ESR (bsc#1216338):
- CVE-2023-5721: Fixed a potential clickjack via queued up rendering.
- CVE-2023-5722: Fixed a cross-Origin size and header leakage.
- CVE-2023-5723: Fixed unexpected errors when handling inval...
The vulnerability of the nginx.ingress.kubernetes.io/configuration-snippet component in the Kubernetes ingress-nginx cluster allows an attacker to execute arbitrary code or escalate their privileges.
The vulnerability of the nginx.ingress.kubernetes.io/configuration-snippet component, which handles incoming traffic in the Kubernetes ingress-nginx cluster, is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or increase...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
Code injection
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
USN-6452-1 vim vulnerabilities
It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-3896) It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a...
Price inflation by locking CVX on behalf of VotiumStrategy
Lines of code. Vulnerability details. Impact: The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept: In VotiumStrategy the price of vAfEth is calculated by `function cvxInSystem() public view returns (uint256) { uint256 total = ILockedCvx(VLCVX_ADDRESS).lockedBalanceOf`...
PT-2023-8615 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.0-rc-1 through 14.4.7; XWiki Platform versions 14.0-rc-1 through 14.10.3; XWiki Platform versions 14.0-rc-1 through 14.9.x; XWiki Platform version 15.0-rc-1 is not affected, but versions prior to it are. Description: Th...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
Price inflation pump
Lines of code. Vulnerability details. Impact: AfEth price can be inflated until severe rounding errors occur. Proof of concept: Deposit in AfEth such that totalValue == 1 and thus 1 afEth is minted. Then AfEth.price will be in the open interval $(1,2)$ (AfEth.price $= 1$ is extremely unlikely). Deposit i...
UBUNTU-CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
The vulnerability of the `mm_answer_pam_free_ctx` function in the OpenSSH cryptographic protection mechanism allows an attacker to execute arbitrary code or halt the sshd service.
The vulnerability of the `mm_answer_pam_free_ctx` function in the OpenSSH cryptographic security tool is related to privilege management errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code or halt the sshd service...
M-06 Unmitigated
Lines of code. Vulnerability details. Mitigation of M-06: Issue NOT mitigated. Mitigated issue: M-06: Missing deadline check for AfEth actions. The issue was missing deadline checks for deposits and withdrawals. Mitigation review - missing deadline for rewards: Deadline parameters have been added to...