347 matches found
UBUNTU-CVE-2021-4001
A race condition was found in the Linux kernel's ebpf verifier between bpfmapupdateelem and bpfmapfreeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege capsysadmin or capbpf can modify the frozen mapped address space. This flaw affects kernel...
Funds in FSDVesting.sol can be frozen by the attacker
Handle WatchPug Vulnerability details In the current implementation, anyone can call function updateVestedTokens to add an arbitrary amount to the beneficiary's vesting amount without sending any of it. This allows the attacker to make the amount typeuint256.max and call to claimVestedTokens will...
Permissioned nature of TwapOracle allows owner to manipulate oracle
Handle TomFrench Vulnerability details Impact Potentially frozen or purposefully inaccurate USDV:VADER price feed. Proof of Concept Only the owner of TwapOracle can call update on the oracle. Should the owner desire they could cease calling update on the oracle for a period. Over this period the...
PT-2021-7382 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16 rc2 Description: A race condition was found in the Linux kernel's ebpf verifier between bpf map update elem and bpf map freeze due to a missing lock in kernel/bpf/syscall.c. This issue allows a local user...
Security Scorecards - Security Health Metrics For Open Source
Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...
New Google Scorecards Tool Scans Open-Source Software for More Security Risks
Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source...
SUSE: Security Advisory (SUSE-SU-2020:14551-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang
The leader of Mexicos Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexicos top tourist destinations over the past five years. The scandal is the latest fallo...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:1815-1 Rating: important References: 1120892 1141102 1141649 Cross-References: CVE-2018-20073 CVE-2019-5847 CVE-2019-5848 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 SUS...
chromium-browser: V8 sealed/frozen elements cause crash
Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2018-15664
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operatio...
Wall Street Market reported to have exit scammed
Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...
Description of the security update for Excel 2016: September 11, 2018
None None...
UBUNTU-CVE-2018-12247
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrbclass, related to certain .clone usage, because mrbobjclone in kernel.c copies flags other than the MRBFLAGISFROZEN flag e.g., the embedded flag...
Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange
Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets nearly $420 million in NEM tokens and $112 in Ripples. In 2014, Mt Gox, one of the largest bitcoin exchange at that time,...
Oh, Crap! Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum
Horrible news for some Ethereum users. About $300 million worth of Ether—the cryptocurrency unit that has become one of the most popular and increasingly valuable cryptocurrencies—from dozens of Ethereum wallets was permanently locked up today. Smart contract coding startup Parity Technologies,...
Chrome memory the bug be exploited by hackers: Google has yet to fix-vulnerability warning-the black bar safety net
According to foreign media reports, recently the IT security and protection company Sophos announced that the Chrome browser there is a Bug currently has hackers use. Worse, Google two years ago are aware of this Bug, but until today not yet repaired. ! Chrome memory the bug be exploited by...
Brazil Freezes $11.7 Million of Facebook Funds for Not Complying with Court Orders
Facebook's legal war with Brazilian government seems to be never-ending. Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under...
1941 Frozen Front - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application 1941 Frozen Front published at the 'play' market has multiple vulnerabilities...
Hidden Mahjong: Frozen - Base64 encoded String, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Hidden Mahjong: Frozen published at the 'play' market has multiple vulnerabilities...