9165 matches found
[SECURITY] Fedora 38 Update: mariadb-10.5.20-1.fc38
MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
Lack of Access Control
Lines of code Vulnerability details Impact The contract does not enforce proper access control mechanisms for critical functions such as deployWithdrawVault, deployNodeELRewardVault, updateStaderConfig, and updateVaultProxyAddress. As a result, any address can call these functions and potentially...
Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days
Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...
VaultProxy implementation can be initialized by anyone and self-destructed
Lines of code Vulnerability details Impact When the VaultFactory contract is deployed and initialized, the initialise method on the newly created VaultProxy implementation contract is never called. As such, anyone can call that method and pass in whatever values they want as arguments. One...
Ubuntu: Security Advisory (USN-6151-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2023-2142)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-2190)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...
USN-6151-1 linux-xilinx-zynqmp vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...
Guide to Serverless Architecture Design Patterns
Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs...
Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds
Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawls. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...
Ubuntu: Security Advisory (USN-6135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Hashicorp Consul vulnerable to denial of service
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3...
How To Reduce Cost Overruns For AI Implementation Projects
By Owais Sultan AI implementations can be costly and drain their allotted budgets. Thankfully, you can learn how to reduce your… This is a post from HackRead.com Read the original post: How To Reduce Cost Overruns For AI Implementation Projects...
CVE-2023-32690
Summary: libspdm (DMTF SPDM) prior to versions 2.3.3 and 3.0 stores the responder’s CTExponent after a CAPABILITIES response without validation. If a cryptographic operation is later requested (e.g., CHALLENGE), the requester uses the unvalidated CTExponent to compute a timeout, enabling potentia...
CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...
OPENSUSE-SU-2023:0117-1 Security update for chromium
This update for chromium fixes the following issues: - build with llvm15 on Leap - Chromium 113.0.5672.126 boo1211442: CVE-2023-2721: Use after free in Navigation CVE-2023-2722: Use after free in Autofill UI CVE-2023-2723: Use after free in DevTools CVE-2023-2724: Type Confusion in V8...
Google Chrome Security Bypass Vulnerability (CNVD-2023-46111)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 114.0.5735.90, which stems from a mal-implementation issue in the Extensions API module. An attacker could exploit this vulnerability to bypass security...
FreeBSD : chromium -- multiple vulnerabilities (fd87a250-ff78-11ed-8290-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fd87a250-ff78-11ed-8290-a8a1599412c6 advisory. - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote...
CVE-2023-2938
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-2937
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...