11215 matches found

Code423n4
added 2023/01/19 12:0 a.m. | 9 views

settleAuction() Check for status errors

Lines of code. Vulnerability details. Impact: ClearingHouse.safeTransferFrom to execute successfully even if there is no bid. Proof of Concept: settleAuction is called at the end of the auction and will check if the status is legal: function settleAuction(uint256 collateralId) public if...

7.2 AI score
Exploits: 0

NVD
added 2023/01/18 7:15 p.m. | 8 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.5 CVSS | 7.7 AI score | 0.00356 EPSS
Exploits: 0 | References: 1

Fedora
added 2023/01/18 1:43 a.m. | 305 views

[SECURITY] Fedora 37 Update: awstats-7.8-9.fc37

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

6.1 CVSS | 6.2 AI score | 0.01003 EPSS
Exploits: 0

Fedora
added 2023/01/18 1:41 a.m. | 210 views

[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36

Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...

6.1 CVSS | 6.2 AI score | 0.01003 EPSS
Exploits: 0

BDU FSTEC
added 2023/01/18 12:0 a.m. | 1 views

The vulnerability of ManageEngine’s software products is related to errors in processing input data, which allow attackers to execute arbitrary code.

The vulnerability of ManageEngine’s software is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SAML request remotely...

10 CVSS | 8.4 AI score | 0.94378 EPSS
Exploits: 15 | References: 4 | Affected Software: 24

BDU FSTEC
added 2023/01/18 12:0 a.m. | 1 views

The vulnerability of the Malicious Software Removal Tool (MSRT) lies in synchronization errors when using a common resource, allowing attackers to gain increased privileges.

The vulnerability of the Malicious Software Removal Tool MSRT relates to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

6.3 CVSS | 6.9 AI score | 0.00244 EPSS
Exploits: 0 | References: 3

CNNVD
added 2023/01/18 12:0 a.m. | 2 views

Sewio Real-Time Location System (RTLS) Studio Input Validation Error Vulnerability

Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An input validation error vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which stems from susceptibility to incorrect input validation of user input to...

6.8 CVSS | 6.6 AI score | 0.00232 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2023/01/18 12:0 a.m. | 3 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

7.9 AI score | 0.00356 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2023/01/18 12:0 a.m. | 1 views

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in security configuration errors, allowing attackers to circumvent existing security restrictions.

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

5.3 CVSS | 7.1 AI score | 0.11599 EPSS
Exploits: 0 | References: 2

OSV
added 2023/01/17 7:1 p.m. | 8 views

GSD-2023-1001292 x86/MCE/AMD: Clear DFR errors found in THR handler

x86/MCE/AMD: Clear DFR errors found in THR handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

7.2 AI score
Exploits: 0

OSV
added 2023/01/17 6:21 p.m. | 10 views

GSD-2023-1000900 ext4: fix off-by-one errors in fast-commit block filling

ext4: fix off-by-one errors in fast-commit block filling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

7.2 AI score
Exploits: 0

OSV
added 2023/01/17 5:39 p.m. | 8 views

GSD-2023-1000438 ext4: fix off-by-one errors in fast-commit block filling

ext4: fix off-by-one errors in fast-commit block filling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...

7.2 AI score
Exploits: 0

Akamai Blog
added 2023/01/17 2:0 p.m. | 14 views

Resource Limit Increases for EdgeWorkers Yield Big Results

Read about how EdgeWorkers reduced errors resulting from resource limit constraints — unlocking even more opportunities for businesses...

7 AI score
Exploits: 0

Positive Technologies
added 2023/01/17 12:0 a.m. | 1 views

PT-2023-33569 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: A potential security issue has been identified in the THR handler related to Clear DFR errors. The actual impact and attack plausibility have not yet been proven. Recommendations: For versio...

7.3 AI score
Exploits: 0 | References: 1

BDU FSTEC
added 2023/01/17 12:0 a.m. | 1 views

The vulnerability of the Scala programming language interpreter, related to errors during data deserialization, allows attackers to execute arbitrary code.

The vulnerability of the Scala programming language interpreter is related to errors during data deserialization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS | 7.3 AI score | 0.67806 EPSS
Exploits: 1 | References: 8 | Affected Software: 3

Positive Technologies
added 2023/01/17 12:0 a.m. | 2 views

PT-2023-34369 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.163 Description: A potential security issue has been identified in the Linux Kernel related to the handling of DFR errors in the THR handler on x86/AMD systems. The actual impact and attack plausibility ha...

7.4 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2023/01/16 9:29 a.m. | 5 views

libxml2: dict corruption caused by entity reference cycles

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...

7.8 CVSS | 6.6 AI score | 0.00219 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/16 12:0 a.m. | 87 views

RHEL 8 : libxml2 (RHSA-2023:0173)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0173 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflo...

7.8 CVSS | 7 AI score | 0.0023 EPSS
Exploits: 2 | References: 7

BDU FSTEC
added 2023/01/16 12:0 a.m. | 2 views

Vulnerability of the web service of Google Chrome and Microsoft Edge, allowing a hacker to execute arbitrary code

The vulnerability of the Google Chrome and Microsoft Edge browser services is related to type conversion errors. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

10 CVSS | 8 AI score | 0.00128 EPSS
Exploits: 0 | References: 7 | Affected Software: 4

BDU FSTEC
added 2023/01/16 12:0 a.m. | 1 views

The vulnerability of the SAP Disclosure Management tool in terms of authentication errors allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP Disclosure Management reporting tool is related to authentication errors. Exploiting this vulnerability can allow unauthorized actors, operating remotely, to gain unauthorized access to protected information...

6.8 CVSS | 6.5 AI score | 0.00359 EPSS
Exploits: 0 | References: 7 | Affected Software: 1