Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper...

GHSA-9WGH-VJJ7-7433 Mutable reference with immutable provenance in image

A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::asptr. Instead, slice::asmutptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...

ERC20Rewards.sol: Consider making rewardsToken immutable

Handle hickuphh3 Vulnerability details Impact While it might seem like a good feature to have, being able to switch reward tokens will only be useful for tokens which are equivalent in value probably stablecoins, pegged tokens since it carries over unclaimed rewards from the previous reward...

merge-change 软件包安全漏洞

merge-change is an open source simple library for deep merging of objects and other types, also for patching and immutable new. The merge-change package has a security vulnerability that makes the package susceptible to prototype contamination via the utils.set function...

5 Steps to Improving Ransomware Resiliency

The ransomware landscape is evolving, and ransomware is now one of the most popular for cybercriminals and damaging types of malwares. The JBS, Colonial Pipeline and Kaseya attacks are the recent high-profile examples of the impact of ransomware and the monumental consequences it can have: Shifts...

CVE-2020-24516

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

Privilege escalation

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2021-29539

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...

Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

GHSA-MMHJ-4W6J-76H7 Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

packetStrider - A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...

[SECURITY] Fedora 33 Update: snapd-2.49-1.fc33

Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages...

Fedora: Security Advisory for snapd (FEDORA-2021-2e14fd7c2d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ostree bug fix and enhancement update

OSTree is a tool for managing bootable, immutable, versioned file system trees. Bug Fixes and Enhancements: Rebase Rebase to recent upstream BZ1906069...

CVE-2020-11214

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,...

CVE-2020-11214

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,...

CVE-2020-35916

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...

DEBIAN-CVE-2020-35916

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...

CVE-2020-35916

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...

UBUNTU-CVE-2020-35916

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always correct...