EulerOS Virtualization 2.9.1 : python-cryptography (EulerOS-SA-2023-2518)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

EulerOS Virtualization 2.10.1 : python-cryptography (EulerOS-SA-2023-2466)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

GHSA-F5X6-7QGP-JHF3 ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token after its deployment. This ability is due to the inheritance of the setData function from ERC725YCore.sol implemented in...

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details I HAVE ALREADY SUBMITTED THIS ISSUE HOWEVER I MESSED UP THE LINKS FOR IT. CAN YOU PLEASE DISREGARD THE PREVIOUS SUBMISSION? Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token...

Increase in API Calls when Performing Direct Backups to Immutable Object Storage

Article Applicability This article was created to address high API usage observed with Veeam Backup & Replication 12.x. Starting in Veeam Backup & Replication 13, improvements were made to the handling of immutability-related API calls, which will significantly reduce the number of API calls that...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2320)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2023-2340)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...

ASB-A-243794108

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation...

protobuf-java: Textformat parsing issue leads to DoS

A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection...

LlamaAccount.llamaExecutor may be changed for a malicious purpose and be return to the initial state.

Lines of code Vulnerability details Impact If the delegatecall changes llamaExecutor to an malicious contract, then onlyLlama modifier cannot protect the contract. After the exploit, it can return the llamaExecutor as before. Proof of Concept Update test/mock/MockExtension.sol as below. //...

Apache InLong Security Bypass Vulnerability (CNVD-2023-42960)

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0. An attacker can exploit the vulnerability to change the immutable name and type of an InLong cluster...

Design/Logic Flaw

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

CVE-2023-33199

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

CVE-2023-31103 Apache InLong: Attackers can change the immutable name and type of cluster

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick...

CVE-2023-31206 Apache InLong: Attackers can change the immutable name and type of nodes

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...

Apache InLong 安全漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0. An attacker can exploit the vulnerability to change the immutable name and type of an InLong cluster...

Apache InLong 安全漏洞

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security bypass vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0. The vulnerability is caused due to a resource being exposed to the wrong sphere flaw. An attacker can...

PT-2023-23157 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.6.0 Description: The issue affects Apache InLong, allowing attackers to change the immutable name and type of cluster of InLong. Recommendations: For Apache InLong versions 1.4.0 through 1.6.0, upgrade t...