9138 matches found

OSV
added 2023/11/22 12:0 p.m. | 461 views

RUSTSEC-2023-0071 Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...

CVSS 5.9 | AI score 5.2 | EPSS 0.00605
Exploits: 0 | References: 5

Ubuntu
added 2023/11/21 2:55 p.m. | 105 views

USN-6494-1: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...

CVSS 7.8 | AI score 7.3 | EPSS 0.00856
Exploits: 1

Mageia
added 2023/11/20 10:4 a.m. | 85 views

Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonse...

CVSS 8.8 | AI score 7.9 | EPSS 0.30339
Exploits: 0 | References: 5

OSV
added 2023/11/20 10:4 a.m. | 8 views

MGASA-2023-0322 Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin Slonse...

CVSS 8.8 | AI score 7.5 | EPSS 0.30339
Exploits: 0 | References: 6

The Hacker News
added 2023/11/20 9:16 a.m. | 419 views

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm is a term we coined to describe a collection...

AI score 7.2
Exploits: 0

Code423n4
added 2023/11/17 12:0 a.m. | 8 views

Incorrect fee splitting logic

Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...

AI score 7
Exploits: 0

Code423n4
added 2023/11/17 12:0 a.m. | 10 views

wrong implementation cause unfair distribution

Lines of code Vulnerability details Impact wrong implementation cause unfair fee distribution among sharesHolder Proof of Concept In sell and mintNFt, tokensInCirculation and tokens owned by address is deducted only after split fee is happened. To be fair, user should not get fee from tokens tha...

AI score 7.1
Exploits: 0

Code423n4
added 2023/11/17 12:0 a.m. | 12 views

asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT

Lines of code Vulnerability details Impact The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...

AI score 7
Exploits: 0

Code423n4
added 2023/11/17 12:0 a.m. | 9 views

platform will get 40 percent of fee if fee are below 100

Lines of code Vulnerability details Impact PlatForm will get 40 percent of fee when price is below 100 cause of rounding error Proof of Concept uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% protocol implement that holder and creator will...

AI score 7
Exploits: 0

BDU FSTEC
added 2023/11/17 12:0 a.m. | 4 views

The vulnerability of the IBM TXSeries transaction application management software for multiple platforms is related to an implementation error in Angular templates, which allows attackers to trigger a service failure.

The vulnerability of the IBM TXSeries transaction application management software for multiple platforms is related to an implementation error in Angular templates. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through a specially crafted request...

CVSS 7.8 | AI score 7.2 | EPSS 0.00801
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2023/11/16 7:16 p.m. | 44 views

CVE-2023-41699

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 6.1 | AI score 6.2 | EPSS 0.00407
Exploits: 0 | References: 3

OSV
added 2023/11/15 8:15 p.m. | 4 views

CVE-2023-41699

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 6.1 | AI score 5.8 | EPSS 0.00407
Exploits: 0 | References: 2

NVD
added 2023/11/15 8:15 p.m. | 22 views

CVE-2023-41699

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 6.1 | EPSS 0.00407
Exploits: 0 | References: 2

Prion
added 2023/11/15 8:15 p.m. | 16 views

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 5.8 | AI score 7.1 | EPSS 0.00407
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/11/15 7:54 p.m. | 21 views

CVE-2023-41699 Payara Platform: URL Redirection to untrusted site using FORM authentication

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 6.1 | AI score 6.4 | EPSS 0.00407
Exploits: 0 | References: 2

Vulnrichment
added 2023/11/15 7:54 p.m. | 12 views

CVE-2023-41699 Payara Platform: URL Redirection to untrusted site using FORM authentication

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Payara Platform Payara Server, Micro and Embedded Servlet Implementation modules allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.4...

CVSS 6.1 | AI score 6.8 | EPSS 0.00407
Exploits: 0 | References: 2

Zero Day Initiative
added 2023/11/15 12:0 a.m. | 20 views

Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe FrameMaker Publishing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Login method. The issue results from improper implementation of th...

CVSS 9.8 | AI score 7.4 | EPSS 0.01373
Exploits: 0 | References: 1

Code423n4
added 2023/11/15 12:0 a.m. | 46 views

Deposit into strategy could be blocked by limits in EigenLayer

Lines of code Vulnerability details Summary The implementation of depositAssetIntoStrategy deposits the entire balance of the node delegator which could conflict with the max limits per deposit defined in EigenLayer. Impact NodeDelegator are responsible for managing assets in EigenLayer. The...

AI score 7
Exploits: 0

Code423n4
added 2023/11/15 12:0 a.m. | 6 views

No slippage and / or deadline protection in depositAsset()

Lines of code Vulnerability details Proof of Concept The function depositAsset allows a user to deposit a specific amount of any supported token and, in return, receive a specific amount of rsETH. This amount of rsETH is calculated by dividing the total value of deposited assets in ETH by the pri...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/11/15 12:0 a.m. | 23 views

Rockwell Automation Stratix 5900 Improper Input Validation (CVE-2014-2106)

A vulnerability in the Session Initiation Protocol SIP implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages...

CVSS 7.8 | AI score 7.2 | EPSS 0.02446
Exploits: 1 | References: 5