[SECURITY] Fedora 39 Update: kitty-0.30.1-2.fc39

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

Staking functionality temporary blocking due to lack of address zero check

Lines of code Vulnerability details Impact Though lack of zero check issue for the addToBlacklist function is already at the automated findings output, I suppose it is necessary to show the importance of this check here. In case of accidental or malicious the BLACKLISTMANAGERROLE behavior the...

Malicious user can completely prevent all users or users without large funds from staking

Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...

Lack of functionality to distribute the yield to the USDe stakers.

Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...

Compromised minter can change route to misdirect user funds

Lines of code Vulnerability details Impact The current security assumption revolves around the compromise of a minter, wherein they mint 200k USDe tokens for themselves and subsequently redeem them within the contract. Under this assumption, as long as the gatekeeper key remains secure, the minte...

Juzaweb CMS Injection Vulnerability

Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS v.3.4 and earlier versions, which originated from a vulnerability that allows remote attackers to execute arbitrary...

CVE-2023-5813 SourceCodester Task Reminder System sql injection

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=deletereminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

CVE-2023-28803

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9...

CVE-2023-28803 Traffic being bypassed by ZCC by configuring synthetic IP range as local network

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4767-1 advisory. Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary...

Missing payable modifier in ExecutorPlugin.executeTransaction(): Restricts Use of Native Assets (ETH) with Transactions

Lines of code Vulnerability details Impact A registered executor for a submodule cannot send ETH native assets with a transaction because the payable modifier is missing in the executeTransaction function. It's essential to address this issue to ensure full compatibility and functionality for...

CVE-2023-45277

Yamcs 5.8.6 is vulnerable to directory traversal issue 1 of 2. The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files...

CVE-2023-45278

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request...

Directory traversal

Yamcs 5.8.6 is vulnerable to directory traversal issue 1 of 2. The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files...

CVE-2023-45277

Yamcs 5.8.6 is vulnerable to directory traversal issue 1 of 2. The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files...

TinyMCE Cross-Site Scripting Vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. A security vulnerability exists in TinyMCE, which stems from a mutant cross-site scripting mXSS vulnerability discovered in TinyMCE's core undo and redo functionality...

Ubuntu: Security Advisory (USN-6436-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:4095-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4095-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...