How a leading Microsoft engineer extends culture to service resiliency

It’s hard to underestimate the impact that people can have on us in our formative years. Huiwen Ru, who spent several years working in identity and access management and is now a Principal Software Engineering Manager on the Singularity team at Microsoft, is a living example of how important...

Updated golang packages fix security vulnerability

Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption CVE-2022-23772 Incorrect access control in cmd/go CVE-2022-23773 Incorrect returned value in crypto/elliptic IsOnCurve CVE-2022-23806 The following non-security bugs were fixed: - go50978 crypto/elliptic: IsOnCurve...

openSUSE: Security Advisory for go1.16 (openSUSE-SU-2022:0724-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2022:0723-1 Security update for go1.17

This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve bsc1195838. - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption bsc1195835. - CVE-2022-23773: Fixed incorrect acce...

Security update for go1.16 (important)

openSUSE Security Update: Security update for go1.16 Announcement ID: openSUSE-SU-2022:0724-1 Rating: important References: 1182345 1195834 1195835 1195838 Cross-References: CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVSS scores: CVE-2022-23772 NVD : 7.5...

LockedBalance library should drop parameters to 96/32 bits

Lines of code Vulnerability details Impact The LockedBalance contract takes 256-bit amount values but performs bit math on them as if they were 96 bit values. Bits could spill over to a different locked balance in the else part lockedBalance stores two 128-bit locked balances in one 256-bit stora...

WordPress Easy Math Captcha for CF7 plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Math Captcha for CF7 plugin versions = 1.0.0. Solution No patched version available...

WordPress Easy Math Captcha for CF7 plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Easy Math Captcha for CF7 plugin versions = 1.0.0. Solution No patched version available...

python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...

python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...

python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...

python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions

A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command...

GO-2021-0242 Panic on inputs with large exponents in math/big

Rat.SetString and Rat.UnmarshalText may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents...

OESA-2022-1526 python-pillow security update

Python image processing library. Security Fixes: pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec...

CVE-2022-23772

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system...

CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

DEBIAN-CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

UBUNTU-CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

Memory corruption

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...