33 matches found

Github Security Blog
added 2025/07/08 11:33 p.m., 7 views

Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt

Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...

7.1 AI score
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2025/07/08 12:0 a.m., 7 views

PT-2025-30106 · Go · Github.Com/Cosmos/Cosmos-Sdk

Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...

9.2 CVSS, 7.2 AI score
Exploits: 0, References: 5
Rosalinux
added 2025/06/09 8:53 a.m., 5 views

Advisory ROSA-SA-2025-2879

Software: krb5 1.18.2 OS: ROSA Virtualization 2.1 packageevrstring: krb5-1.18.2-32.rv3 CVE-ID: CVE-2020-28196 BDU-ID: 2023-03437 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos network protocol implementation of the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Alt 8 SP...

9.1 CVSS, 8.4 AI score, 0.14859 EPSS
Exploits: 3
Rosalinux
added 2025/04/30 8:52 a.m., 34 views

Advisory ROSA-SA-2025-2860

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in mod_session_crypto, making the server susceptible to padding oracle...

9.8 CVSS, 10 AI score, 0.94999 EPSS
Exploits: 20
Rosalinux
added 2025/04/11 10:8 p.m., 19 views

Advisory ROSA-SA-2025-2840

Software: expat 2.2.5 OS: ROSA Virtualization 2.1 packageevrstring: expat-2.2.5-16.0.1.rv3 CVE-ID: CVE-2021-45960 BDU-ID: 2022-01003 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the storeAtts function of the Expat library involves uncontrolled resource consumption. Exploitation of the vulnerabili...

9.8 CVSS, 9.9 AI score, 0.33936 EPSS
Exploits: 3
Rosalinux
added 2025/04/11 9:49 p.m., 18 views

Advisory ROSA-SA-2025-2810

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 packageevrstring: libxml2-2.9.7-19.rv30 CVE-ID: CVE-2024-56171 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in libxml2: use-after-free in xmlschemas.c. CVE-STATUS: Vulnerability resolved. CVE-REV: To close the vulnerability, run the...

9.8 CVSS, 7.9 AI score, 0.0113 EPSS
Exploits: 0
Rosalinux
added 2025/04/11 9:22 p.m., 10 views

Advisory ROSA-SA-2025-2788

Software: postgresql 9.2.24 OS: rosa-server79 packageevrstring: postgresql-9.2.24-9.0.4.res7 CVE-ID: CVE-2023-5869 BDU-ID: 2023-07840 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the array_append, array_prepend, array_subscript_handler functions of the PostgreSQL database management system is related...

8.8 CVSS, 9.2 AI score, 0.04422 EPSS
Exploits: 1
Github Security Blog
added 2025/03/12 7:29 p.m., 10 views

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...

7.1 AI score
Exploits: 0, References: 4, Affected Software: 8
OSV
added 2025/03/12 7:29 p.m., 4 views

GHSA-4WF3-5QJ9-368V IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...

7.1 AI score
Exploits: 0, References: 4
Github Security Blog
added 2025/03/12 7:28 p.m., 7 views

Cosmos SDK: x/group can halt when erroring in EndBlocker

Name: ISA-2025-002: x/group can halt when erroring in EndBlocker Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.16, = 0.50.12 Affected users: Validators, Full nodes, Users on chains that utilize the groups module Cosmos SDK...

6.9 AI score
Exploits: 0, References: 3, Affected Software: 1
Rosalinux
added 2025/01/29 12:9 p.m., 19 views

Advisory ROSA-SA-2025-2677

software: qt4 4.8.7 OS: ROSA-CHROME packageevrstring: qt4-4.8.7-18 CVE-ID: CVE-2023-32763 BDU-ID: 2023-03802 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the QTextLayout component of the Qt cross-platform software development framework is related to buffer copying without input validation...

7.5 CVSS, 7.7 AI score, 0.01324 EPSS
Exploits: 1
Rosalinux
added 2025/01/28 6:35 p.m., 9 views

Advisory ROSA-SA-2025-2632

software: yt-dlp 2023.07.06 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.07.06-2 CVE-ID: CVE-2023-40581 BDU-ID: 2023-06330 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the yt-dlp audio and video download utility due to failure to take measures to neutralize special elements. Exploitatio...

8.3 CVSS, 6.7 AI score, 0.01292 EPSS
Exploits: 1
Rosalinux
added 2024/12/26 10:30 a.m., 18 views

Advisory ROSA-SA-2024-2548

software: kubernetes 1.25.16 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.16-1 CVE-ID: CVE-2023-5528 BDU-ID: 2023-07938 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient input...

8.8 CVSS, 8.7 AI score, 0.03578 EPSS
Exploits: 0
GitLab Advisory Database
added 2024/08/21 12:0 a.m., 8 views

CWA-2024-005: Stackoverflow in wasmd

Component: wasmd Criticality: High ACMv1: I:Critical; L:Likely Patched versions: wasmd 0.53.0, 0.46.0 See CWA-2024-005 for more details...

7.2 AI score
Exploits: 0, References: 6, Affected Software: 1
Rosalinux
added 2021/07/02 4:37 p.m., 11 views

Advisory ROSA-SA-2021-1819

Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS 2.16 and earlier plug-in does not configure its XML syntactic parser to prevent attacks on XML external objects XXE. CVE-STATUS: default CVE-REV: default...

7.5 CVSS, 7.1 AI score, 0.01342 EPSS
Exploits: 0
0day.today
added 2008/08/01 12:0 a.m., 12 views

phpMyRealty (location) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================= phpMyRealty location Remote SQL Injection Vulnerability =========================================================...

7.1 AI score
Exploits: 0
securityvulns
added 2004/12/15 12:0 a.m., 42 views

Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team researchatsecnetops.com Team Lead Contact JxTatsecnetops.com Spam Contact rm -rf /@snosoft.com Who we are: Secure Network Operations provides network...

7 AI score
Exploits: 0
securityvulns
added 2004/08/25 12:0 a.m., 27 views

WebArtFactory CMS Vulnerability

Quick Summary: Product : WebArtFactory CMS. Version : Several in-production old system versions. Vendor : WebArtFactory - http://www.webartfactory.com Class : Remote Criticality : High Operating Systems : N/A. Synopsis From the WebArtFactory webpage: "Somos una empresa de desarrollo de pginas web...

0.4 AI score
Exploits: 0
securityvulns
added 2004/01/20 12:0 a.m., 43 views

Happy belated Personal Firewall day - SRT2004-01-17-0628 - Agnitum Optpost firewall allows Local SYSTEM access

Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team researchatsecnetops.com Team Lead Contact kfatsecnetops.com Spam Contact rm -rf /@snosoft.com Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS,...

0.1 AI score
Exploits: 0
securityvulns
added 2004/01/12 12:0 a.m., 46 views

SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM

Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team researchatsecnetops.com Team Lead Contact kfatsecnetops.com Spam Contact rm -rf /@snosoft.com Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS,...

7.2 CVSS, 0.1 AI score, 0.00407 EPSS
Exploits: 0