1365 matches found
Cushion bond markets are opened at wall price rather than current price
Lines of code. Vulnerability details. Impact: Incorrect initial bond market price. Proof of Concept: `uint256 initialPrice = range.wall.high.price.mulDiv(bondScale, oracleScale);` `uint256 initialPrice = invWallPrice.mulDiv(bondScale, oracleScale);` In the above lines the initial prices are set to the wall...
Tyler Odyssey Trust Management Issue Vulnerability
Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, USA. Tyler Odyssey suffers from a security vulnerability that stems from passing unencrypted bytes from an intermediary to a client. An intermediary attacker can inject an incorrect response to the...
PLANEX MZK-DP150N contains hidden administrative functionality
Overview: MZK-DP150N provided by PLANEX COMMUNICATIONS INC. contains a hidden administrative screen (CVE-2021-37289, CWE-912). In the initial settings of the product, the login account for the configuration screen is common to all products. Please change the account information from the initial...
CVE-2022-35583
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets...
CVE-2022-35583
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets...
DEBIAN-CVE-2022-35583
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets...
wkhtmltopdf Code Issue Vulnerability
wkhtmltopdf is an open source library used to convert HTML to PDF. A code issue vulnerability exists in wkhtmltopdf version 0.12.6, which stems from the fact that it allows an attacker to gain initial access to a target system by injecting an iframe tag with the IP address of the...
CVE-2022-35583
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets...
The vulnerability of the `clear_bss` function in Linux operating system kernels, related to errors during the clearing of the initial symbol of a block (.bss), allows an attacker to execute arbitrary code.
The vulnerability of the `clear_bss` function in Linux operating systems is related to errors during the clearing of the initial symbol of a block (.bss). Exploiting this vulnerability can allow an attacker to execute arbitrary code...
GHSA-H6GJ-6JJQ-H8G9 jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Impact: Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...
PT-2022-21212 · Zimbra · Zimbra Collaboration Open Source
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Open Source version 8.8.15 Description: The issue concerns the lack of encryption for the initial-login randomly created password, which is generated by the zmprove ca command. This password is visible in cleartext on por...
gnome-initial-setup bug fix and enhancement update
An update is available for gnome-initial-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-initial-setup packages provide the Initial Setup...
Secheron SEPCOS Control and Protection Relay Code Issue Vulnerability
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities. A code issue vulnerability exists in the Secheron SEPCOS Control and...
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...
How much does access to corporate infrastructure cost?
Division of labor: Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion using ransomware and carding. However, there is demand on the dark web not only for data obtained through an...
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report...
Mattermost Server: initial_load API exposes unnecessary information
An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information...
GHSA-R93J-3MMP-PX57 Mattermost Server: initial_load API exposes unnecessary information
An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information...
Malware Analysis: Trickbot
In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticat...
new packages: initial-setup
An update is available for initial-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...