EUVD-2022-55043

Malicious code in bioql PyPI...

CVE-2022-49452 dpaa2-eth: retrieve the virtual address before dma_unmap

In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dmaunmap The TSO header was DMA unmapped before the virtual address was retrieved and then used to free the buffer. This meant that we were actually removing the DMA map and then...

[WP-H20] Wrong implementation of withdrawRedundant() allows the Vault owner to drain all the funds

Handle WatchPug Vulnerability details Based on the context, withdrawRedundant intends to disallow the owner to withdraw more Vault tokens than the surplus amount. However, the current implementation is wrong, which allows the Vault owner to drain all the funds. function withdrawRedundantaddress...

DuoSecurity Finds Two-Factor Authentication Vulnerability

Hosted two-factor authentication firm Duo Security acknowledged late last week that it discovered a vulnerability in its WordPress plugin duowordpress plugin that could allow a user to bypass two-factor authentication 2FA on a multisite network. Jon Oberheide, one of Duo’s founders, stressed last...