Lucene search
K

9165 matches found

Fedora
Fedora
added 2023/06/10 1:47 a.m.43 views

[SECURITY] Fedora 38 Update: mariadb-10.5.20-1.fc38

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

6.5CVSS7.3AI score0.01486EPSS
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.8 views

Lack of Access Control

Lines of code Vulnerability details Impact The contract does not enforce proper access control mechanisms for critical functions such as deployWithdrawVault, deployNodeELRewardVault, updateStaderConfig, and updateVaultProxyAddress. As a result, any address can call these functions and potentially...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.13 views

Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days

Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.14 views

VaultProxy implementation can be initialized by anyone and self-destructed

Lines of code Vulnerability details Impact When the VaultFactory contract is deployed and initialized, the initialise method on the newly created VaultProxy implementation contract is never called. As such, anyone can call that method and pass in whatever values they want as arguments. One...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2023/06/09 12:0 a.m.38 views

Ubuntu: Security Advisory (USN-6151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.7AI score0.0048EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.37 views

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2023-2142)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...

7.8CVSS7.3AI score0.00542EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.51 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-2190)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container c...

5.5CVSS7AI score0.00377EPSS
Exploits0References2
OSV
OSV
added 2023/06/08 10:16 p.m.6 views

USN-6151-1 linux-xilinx-zynqmp vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...

8.8CVSS7AI score0.0048EPSS
Exploits1References5
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/06/08 12:0 a.m.16 views

Guide to Serverless Architecture Design Patterns

Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.13 views

Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds

Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawls. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2023/06/05 12:0 a.m.46 views

Ubuntu: Security Advisory (USN-6135-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.16642EPSS
Exploits7References2
Github Security Blog
Github Security Blog
added 2023/06/03 12:30 a.m.38 views

Hashicorp Consul vulnerable to denial of service

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3...

7.5CVSS6.4AI score0.00768EPSS
Exploits0References3Affected Software1
HackRead
HackRead
added 2023/06/01 8:54 p.m.17 views

How To Reduce Cost Overruns For AI Implementation Projects

By Owais Sultan AI implementations can be costly and drain their allotted budgets. Thankfully, you can learn how to reduce your… This is a post from HackRead.com Read the original post: How To Reduce Cost Overruns For AI Implementation Projects...

6.9AI score
Exploits0
CVE
CVE
added 2023/06/01 4:15 p.m.59 views

CVE-2023-32690

Summary: libspdm (DMTF SPDM) prior to versions 2.3.3 and 3.0 stores the responder’s CTExponent after a CAPABILITIES response without validation. If a cryptographic operation is later requested (e.g., CHALLENGE), the requester uses the unvalidated CTExponent to compute a timeout, enabling potentia...

7.5CVSS6.4AI score0.00713EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/01 4:15 p.m.28 views

CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...

5.7CVSS7.4AI score0.00713EPSS
Exploits0References5
OSV
OSV
added 2023/05/31 2:40 p.m.7 views

OPENSUSE-SU-2023:0117-1 Security update for chromium

This update for chromium fixes the following issues: - build with llvm15 on Leap - Chromium 113.0.5672.126 boo1211442: CVE-2023-2721: Use after free in Navigation CVE-2023-2722: Use after free in Autofill UI CVE-2023-2723: Use after free in DevTools CVE-2023-2724: Type Confusion in V8...

8.8CVSS9.3AI score0.29136EPSS
Exploits1References20
CNVD
CNVD
added 2023/05/31 12:0 a.m.39 views

Google Chrome Security Bypass Vulnerability (CNVD-2023-46111)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 114.0.5735.90, which stems from a mal-implementation issue in the Extensions API module. An attacker could exploit this vulnerability to bypass security...

4.3CVSS6.4AI score0.00621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/05/31 12:0 a.m.29 views

FreeBSD : chromium -- multiple vulnerabilities (fd87a250-ff78-11ed-8290-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fd87a250-ff78-11ed-8290-a8a1599412c6 advisory. - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote...

8.8CVSS7.2AI score0.23855EPSS
Exploits2References15
NVD
NVD
added 2023/05/30 10:15 p.m.20 views

CVE-2023-2938

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS3.8AI score0.00906EPSS
Exploits0References5
OSV
OSV
added 2023/05/30 10:15 p.m.21 views

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5AI score
Exploits0References5
Rows per page
Query Builder