360 matches found
[SECURITY] Fedora 37 Update: samba-4.17.12-1.fc37
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version...
Cross-site Scripting via missing Binding syntax validation
Impact The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP contex...
[SECURITY] Fedora 38 Update: samba-4.18.8-1.fc38
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
VirtualAccount.sol CONTRACT DOES NOT CORRECTLY IMPLEMENT THE eip1155 STANDARD WHILE INHERITING THE ERC1155Receiver
Lines of code Vulnerability details Impact The VirtualAccount.sol contract inherits the ERC1155Receiver contract to receive the ERC1155 tokens. Both onERC1155Received and onERC1155BatchReceived functions are declared in the VirtualAccount contract as per the eip1155 standard. The respective ERC11...
Use of tx.origin breaks interoperability with AA wallets.
Lines of code Vulnerability details In OptionPositionMananger, several functions like close and sellOptions need to call PMWithdraw, which calls PMTransfer. Then it is checked that tx.origin != user. However, a smart contract wallet cannot be tx.origin, which means AA wallets will not be able to...
Three Security Vendor Consolidation Myths Debunked
When it comes to security vendor consolidation, Gartner found that 57% of organizations are working with fewer than ten security vendors, utilizing consolidation to cut costs and improve their overall security posture. But what about the other 43%? While security vendor consolidation has many...
[SECURITY] Fedora 37 Update: samba-4.17.10-0.fc37
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
Security Bulletin: Multiple vulnerabilities affect embedded Content Management Interoperability Service in IBM Business Automation Workflow - CVE-2023-20861, CVE-2023-20863
Summary Embedded Content Management Interoperability Service in IBM Business Automation Workflow is affected by multiple Spring framework vulnerabilities Vulnerability Details CVEID: CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper...
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source an implementation of the specification. "Most modern consumer messaging platforms including Google Messages support end-to-end encryption, but users today are...
LSP8CompatibleERC721's approve() deviates from ERC-721 specification
Lines of code Vulnerability details Bug Description The LSP8CompatibleERC721 contract is a wrapper around LSP8 that is meant to function similarly to ERC-721 tokens. One of its implemented functions is ERC-721's approve: LSP8CompatibleERC721.sol L155-L158 function approve(address operator, uint256...
Apple DCERPC allocation hint uninitialized memory disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1675 Apple DCERPC allocation hint uninitialized memory disclosure vulnerability July 13, 2023 CVE Number None SUMMARY An information disclosure vulnerability exists in the call fault reporting functionality of DCERPC library as used in Apple macOS 12.6.1 that...
SeroXen Incorporates Latest BatCloak Engine Iteration
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion...
Analyzing the FUD Malware Obfuscation Engine BatCloak
We look into the BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities...
The vulnerability of the Interoperability SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Interoperability SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364
Summary IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364, affected, not vulnerable Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by ...
CISA Releases Two SBOM Documents
Today, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM Documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX). The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, alo...
[SECURITY] Fedora 36 Update: samba-4.16.10-0.fc36
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
[SECURITY] Fedora 38 Update: samba-4.18.1-0.fc38
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
[SECURITY] Fedora 37 Update: samba-4.17.7-0.fc37
Samba is the standard Windows interoperability suite of programs for Linux and Unix...