
1227 matches found

Code423n4
added 2023/04/27 12:00 a.m. · 8 views

SHA1Digest Contract Vulnerability

Lines of code Vulnerability details Impact The vulnerability is related to the use of the SHA1 hashing algorithm in the SHA1Digest contract. SHA1 is an outdated cryptographic hash function that has been deprecated by most security experts due to its weaknesses and susceptibility to collision...

AI score: 6.9
Exploits: 0
The Hacker News
added 2023/04/24 1:44 p.m. · 2 views

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version...

AI score: 6.8
Exploits: 0
Veracode
added 2023/04/21 8:09 a.m. · 26 views

Race Condition

@web3-react is vulnerable to a Race Condition. In the event that the user switches chains during the connection flow, the chainId may become outdated, making any data generated from it potentially inaccurate. An application that swaps between chains for instance, can cause the user to tokens mone...

CVSS: 5.7 · AI score: 5.6 · EPSS: 0.00151
Exploits: 0 · References: 3 · Affected Software: 4
OSV
added 2023/04/18 10:29 p.m. · 20 views

GHSA-8PF3-6FGR-3G3G `chainId` may be outdated if user changes chains as part of connection in @web3-react

Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...

CVSS: 5.2 · AI score: 5.2 · EPSS: 0.00151
Exploits: 0 · References: 4
Github Security Blog
added 2023/04/18 10:29 p.m. · 29 views

`chainId` may be outdated if user changes chains as part of connection in @web3-react

Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...

CVSS: 5.7 · AI score: 5.8 · EPSS: 0.00151
Exploits: 0 · References: 4 · Affected Software: 4
CVE
added 2023/04/17 9:02 p.m. · 46 views

CVE-2023-30543

Con concrete details: The CVE-2023-30543 entry concerns @web3-react, where chainId can become outdated during a user’s chain-switch in the connection flow. The root cause is that useWeb3React() may return an incorrect chainId, causing dependent data (e.g., wrapped token addresses) to be computed ...

CVSS: 5.7 · AI score: 5.2 · EPSS: 0.00151
Exploits: 0 · References: 2 · Affected Software: 4
Tenable Nessus
added 2023/04/15 12:00 a.m. · 14 views

Fedora 38 : pdns-recursor (2023-680b2e6af5)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-680b2e6af5 advisory. - Update to 4.8.4 Release notes: https://doc.powerdns.com/recursor/changelog/4.8.html Tenable has extracted the preceding description block directly from the...

CVSS: 5.3 · AI score: 5.7 · EPSS: 0.00011
Exploits: 0 · References: 2
NCSC
added 2023/04/11 12:00 a.m. · 4 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in MS SQL Server. The vulnerabilities allow a malicious person to execute arbitrary code with SYSTEM privileges. To exploit the vulnerabilities, the malicious party must entice a user of SQL Server to open a rogue query and...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.01792
Exploits: 0
Huntr
added 2023/04/10 4:20 p.m. · 27 views

An outdated dependency leads to remote command execution vulnerability

Description A few days ago, the vm2 module of nodejs found a sandbox escape vulnerability, which was officially fixed in v3.9.15. However, a fixed vm2 version is hard-coded in the package.json (v3.9.11) of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...

CVSS: 7.5 · AI score: 7 · EPSS: 0.74958
Exploits: 2 · References: 1
The Hacker News
added 2023/04/04 1:51 p.m. · 2 views

Sorting Through Haystacks to Find CTI Needles

Clouded vision CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or...

AI score: 6.3
Exploits: 0
OSV
added 2023/04/03 7:15 p.m. · 1 views

CVE-2022-43940

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00374
Exploits: 0 · References: 1
CNNVD
added 2023/03/20 12:00 a.m. · 2 views

WordPress plugin WP OAuth Server Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00081
Exploits: 2 · References: 2
Positive Technologies
added 2023/03/16 12:00 a.m. · 2 views

PT-2023-4735 · Unknown +2 · @Cyprus/Request +2

Name of the Vulnerable Software and Affected Versions: Request package versions through 2.88.1 @cyprus/request package versions prior to 3.0.0 Description: The issue is related to insufficient validation of incoming requests, allowing a remote attacker to bypass SSRF mitigations via an...

CVSS: 6.4 · AI score: 6.8 · EPSS: 0.00557
Exploits: 1 · References: 27
OpenVAS
added 2023/03/08 12:00 a.m. · 14 views

Debian: Security Advisory (DLA-469-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.3 · AI score: 5.4 · EPSS: 0.00113
Exploits: 0 · References: 2
Cvelist
added 2023/03/06 12:00 a.m. · 12 views

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...

AI score: 9.3 · EPSS: 0.01411
Exploits: 0 · References: 1
OpenVAS
added 2023/03/06 12:00 a.m. · 24 views

Check MK < 2.0.0p34, 2.1.x < 2.1.0p24 Certification Validation Vulnerability

Check MK is prone to a certification validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; ...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.00067
Exploits: 0 · References: 1
OpenVAS
added 2023/02/22 12:00 a.m. · 16 views

D-Link DIR-645 Rev. A Devices Multiple Vulnerabilities (2021 - 2025)

D-Link DIR-645 Rev. A devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.2247
Exploits: 5 · References: 6
F5 Networks
added 2023/02/21 7:36 p.m. · 37 views

K17742627: cURL and libcurl vulnerability CVE-2016-8625

Security Advisory Description curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. CVE-2016-8625 Impact Incorrect translation of International Doma...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.01671
Exploits: 0 · Affected Software: 24
F5 Networks
added 2023/02/21 7:29 p.m. · 235 views

K15641: Outdated or incorrect version vulnerability CVE-1999-0662

Security Advisory Description A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. CVE-1999-0662 Impact This is a generic vulnerability that may be triggered by different types of scanning software, whenever a...

CVSS: 10 · AI score: 6.5 · EPSS: 0.00483
Exploits: 0
SUSE CVE
added 2023/02/15 5:13 a.m. · 1 views

SUSE CVE-2015-7542

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates...

CVSS: 5.3 · AI score: 7 · EPSS: 0.00113
Exploits: 0 · References: 4