271 matches found
ROS-2-1059
2.1059 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...
ROS-2-1133
2.1133 Notification on the update of MIS OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary FasterXML jackson-databind is used by IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...
Froxlor ęęé®é¢ę¼ę“
Froxlor is a lightweight server management software from the Froxlor team. An authorization issue vulnerability exists in versions of Froxlor prior to 2.1.0 that stems from session fixing...
Potential HTTP policy bypass when using header rules in Cilium
Impact This issue only impacts users who: - Have a HTTP policy that applies to multiple toEndpoints AND - Have an allow-all rule in place that affects only one of those endpoints In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies...
OSV-2023-415 UNKNOWN READ in dxf_fixup_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59097 Crash type: UNKNOWN READ Crash state: dxffixupstring dwgdxfLAYOUTprivate dwgdxfLAYOUT...
SUSE-SU-2023:1759-1 Security update for dpdk
This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key bsc1209188...
My Findings
Lines of code Vulnerability details Impact 1. Integer overflow: In the publishCompressedBytecode function, the check dictionary.length = 2 16 8 is intended to ensure that the dictionary does not become too large, but it is not sufficient to prevent an integer overflow. If dictionary.length exceed...
Security Bulletin: A denial of service vulnerability in JDOM affects IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect for Space Management (CVE CVE-2021-33813)
Summary IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments Data Protection for Microsoft Hyper-V and Data Protection for VMware and IBM Spectrum Protect for Space Management can be affected by a vulnerability in JDOM. The vulnerability can lead to a denial o...
GSD-2023-1002338 IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
IB/IPoIB: Fix legacy IPoIB due to wrong number of queues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.12 by commit...
SUSE-SU-2023:0310-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4450: Fixed double free after calling PEMreadbioex...
OPENSUSE-SU-2022:10255-1 Security update for vlc
This update for vlc fixes the following issues: - Update to version 3.0.18 CVE-2022-41325, boo1206142: + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - A...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165)
Summary An HTTP header injection vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5,...
SUSE-SU-2022:4443-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: release-notes-susemanager: - Mention bsc1205339 at the release notes...
Security Bulletin: Vulnerability in Newtonsoft.Json may affect IBM Spectrum Protect Snapshot for Windows
Summary IBM Spectrum Protect Snapshot for Windows may be affected by a denial of service vulnerability in Newtonsoft.Json Vulnerability Details IBM X-Force ID: 234366 DESCRIPTION: Newtonsoft.Json is vulnerable to a denial of service, caused by improper handling of StackOverFlow exception SOE...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
GSD-2022-1007610 xen/gntdev: Prevent leaking grants
xen/gntdev: Prevent leaking grants This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.298 by commit 49bb053b1ec367b6883030eb2cca696e91435679,...
Wrong calculation in LBRouter._getAmountsIn.
Lines of code Vulnerability details Impact It calculates the amountsIn wrongly here and the function returns the wrong result. Proof of Concept Currently, getAmountsIn calculates the amountsIn like below. amountsIni - 1 = reserveIn amountOut 1000 / reserveOut - amountOut 997 + 1; As we can see...
_writeCheckpoint not working correctly if oldCheckpoint.fromBlock == block.number
Lines of code Vulnerability details Impact function writeCheckpoint uint256 toTokenId, uint256 nCheckpoints, uint256 memory delegatedTokenIds internal requiredelegatedTokenIds.length 0 && oldCheckpoint.fromBlock == block.number oldCheckpoint.delegatedTokenIds = delegatedTokenIds; else...
Synology Photo Station Session Fixation Vulnerability (CNVD-2022-67854)
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology Inc. of Taiwan, China. A session fixation vulnerability exists in Synology Photo Station, which can be exploited by attackers to bypass security constraints via unspecified vectors...