29 matches found
PT-2024-34876 · Markus +1 · Markus +1
Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: The issue is related to an arbitrary file write vulnerability in the update/upload/create file methods in Controllers, allowing authenticated instructors to write arbitrary files to any location on...
MAL-2024-5262 Malicious code in initializers (PyPI)
--- -= Per source details. Do not edit below this line.=-...
kernel: Bluetooth: HCI: Fix global-out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...
My SpringOne 2023 Recap
Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...
Upgraded Q -> 2 from #633 [1677880427560]
Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...
Upgraded Q -> M from 96 [1655008755771]
Judge has assessed an item in Issue 96 as Medium risk. The relevant finding follows: Impact - LOW All contract initializers were missing access controls, allowing any user to initialize the contract. By front-running the contract deployers to initialize the contract, the incorrect parameters may ...
SUSE-SU-2022:2015-1 Security update for gcc48
This update for gcc48 fixes the following issues: - CVE-2019-14250: Fixed an integer overflow that could lead to an invalid memory access bsc1142649. Non-security fixes: - Fixed an issue with manual page builds bsc1185395. - Fixed an issue with static initializers bsc1177947. - Fixed an issue wit...
Fedora 25 : gd (2017-bab5698540)
Version 2.2.4 - 2017-01-18 Security - gdImageCreate doesn't check for oversized images and as such is prone to DoS vulnerabilities. CVE-2016-9317 - double-free in gdImageWebPtr CVE-2016-6912 - potential unsigned underflow in gdinterpolation.c - DOS vulnerability in gdImageCreateFromGd2Ctx Fixed -...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)
This update for java-170-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...