OESA-2023-1501 golang security update

The Go Programming Language. Security Fixes: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host o...

[SECURITY] Fedora 37 Update: golang-1.19.12-1.fc37

The Go Programming Language...

[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack...

CVE-2023-38751

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...

[SECURITY] Fedora 38 Update: golang-1.20.7-1.fc38

The Go Programming Language...

Qualcomm Chipsets Code Issue Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in the Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when a service API is called with an invalid address...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege Escalat...

CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes...

Control ID IDSecure Security Vulnerability

Control ID IDSecure is software from Control ID that controls access to personnel and vehicles in companies of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions, which stems from the presence of a number of API routes, thereby disclosing sensiti...

CVE-2023-23476

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425...

PT-2023-20640 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allow...

PT-2023-20643 · Unknown · Ox Count Web Service

Name of the Vulnerable Software and Affected Versions: OX Count web service affected versions not specified Description: The issue arises from the OX Count web service not specifying a media-type when processing responses from external resources. This allows malicious script code to be executed...

IBM B2B Advanced Communications 代码问题漏洞

IBM B2B Advanced Communications is a comprehensive business-to-business B2B integration solution from International Business Machines IBM. It is part of the IBM Sterling B2B Integration product family and is designed to simplify and optimize B2B interactions between businesses and partners. A...

python3 security update

CentOS Errata and Security Advisory CESA-2023:3556 An update for python3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of...

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

CVE-2023-37902

Vyper (Pythonic language for the EVM) has a vulnerability in the ecrecover precompile prior to version 0.3.10, where the output buffer may contain undefined data if a signature does not verify. The ecrecover builtin can still return memory contents at address 0, potentially causing a signature ch...

[SECURITY] Fedora 38 Update: golang-1.20.6-1.fc38

The Go Programming Language...