5177 matches found

OSV
added 2023/07/25 8:05 p.m., 10 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

CVSS 5.3, AI score 5.5, EPSS 0.00097
Exploits: 1, References: 4
CVE
added 2023/07/25 8:05 p.m., 82 views

CVE-2023-37902

Vyper (Pythonic language for the EVM) has a vulnerability in the ecrecover precompile prior to version 0.3.10, where the output buffer may contain undefined data if a signature does not verify. The ecrecover builtin can still return memory contents at address 0, potentially causing a signature ch...

CVSS 5.3, AI score 5.2, EPSS 0.00097
Exploits: 1, References: 2, Affected Software: 1
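The mechanism the two Vyper entries above describe, modelled as an added Python example (not code from the Vyper project, the advisory, or this database). EVM memory and the precompile are simulated; the signature scheme is a constructed toy rather than ECDSA, and the input-buffer offset and the clear-the-buffer remedy are assumptions of the model, not necessarily what the 0.3.10 patch does:

```python
"""Added example, not code from the Vyper project or the advisory.

Models the CVE-2023-37902 mechanism: an ecrecover precompile that writes its
output buffer only when the signature verifies, paired with a builtin that
returns the buffer contents unconditionally. EVM memory and the precompile are
simulated, and the "signature" scheme is a constructed toy (anyone can forge it)
so the script runs offline; the point is the memory behaviour, not the crypto.
"""
import hashlib

ZERO_ADDRESS = b"\x00" * 20
OUT_OFFSET = 0    # the advisory: the builtin returns whatever is at memory location 0
IN_OFFSET = 64    # where this model places the precompile input (an assumption)


class Memory:
    """Byte-addressable, zero-initialised memory that grows on access, like EVM memory."""

    def __init__(self):
        self.data = bytearray()

    def _ensure(self, size):
        if len(self.data) < size:
            self.data.extend(b"\x00" * (size - len(self.data)))

    def write(self, offset, value):
        self._ensure(offset + len(value))
        self.data[offset:offset + len(value)] = value

    def read(self, offset, size):
        self._ensure(offset + size)
        return bytes(self.data[offset:offset + size])


def toy_sign(address, msg_hash):
    """Constructed toy signature: the signer's 20-byte address plus a tag over the message."""
    return address + hashlib.sha256(address + msg_hash).digest()


def precompile_ecrecover(mem, in_offset, out_offset):
    """Precompile model: on success writes the recovered address as a 32-byte word
    to out_offset; on failure writes nothing at all (the behaviour the advisory describes)."""
    blob = mem.read(in_offset, 32 + 52)
    msg_hash, address, tag = blob[:32], blob[32:52], blob[52:]
    if tag == hashlib.sha256(address + msg_hash).digest():
        mem.write(out_offset, b"\x00" * 12 + address)
        return True
    return False


def ecrecover_pre_0_3_10(mem, msg_hash, sig):
    """Builtin as modelled for versions before 0.3.10: reads the output word back
    without clearing it first, so a failed recovery returns stale memory."""
    mem.write(IN_OFFSET, msg_hash + sig)
    precompile_ecrecover(mem, IN_OFFSET, OUT_OFFSET)
    return mem.read(OUT_OFFSET, 32)[12:]


def ecrecover_hardened(mem, msg_hash, sig):
    """One remedy (an assumption of this model, not necessarily the exact 0.3.10 patch):
    zero the output buffer before the call so a failed recovery yields the zero address."""
    mem.write(OUT_OFFSET, b"\x00" * 32)
    mem.write(IN_OFFSET, msg_hash + sig)
    precompile_ecrecover(mem, IN_OFFSET, OUT_OFFSET)
    return mem.read(OUT_OFFSET, 32)[12:]


def is_authorised(ecrecover, mem, owner, msg_hash, sig):
    """Caller-side check. Rejecting the zero address is still essential with the
    hardened builtin, otherwise a contract with an unset owner accepts any bad signature."""
    recovered = ecrecover(mem, msg_hash, sig)
    return recovered != ZERO_ADDRESS and recovered == owner


def demonstrate(ecrecover):
    """Attack scenario against a given builtin: one legitimate recovery, then a
    signature that does not verify. Returns whether the forged call was accepted."""
    mem = Memory()
    owner = hashlib.sha256(b"owner").digest()[:20]          # constructed owner address
    msg1 = hashlib.sha256(b"legitimate action").digest()
    if not is_authorised(ecrecover, mem, owner, msg1, toy_sign(owner, msg1)):
        raise RuntimeError("legitimate signature should verify")
    # The output word at offset 0 now holds the owner's address. Present garbage:
    # the precompile writes nothing, and what comes back depends on the builtin.
    msg2 = hashlib.sha256(b"drain funds").digest()
    return is_authorised(ecrecover, mem, owner, msg2, b"\xff" * 52)


if __name__ == "__main__":
    print("pre-0.3.10 builtin accepts forged call:", demonstrate(ecrecover_pre_0_3_10))
    print("hardened builtin accepts forged call:  ", demonstrate(ecrecover_hardened))
```

Run directly, the first line reports True: after one legitimate recovery leaves the owner's address in the output word at offset 0, a garbage signature "recovers" that address again. The caller-side zero-address check alone does not catch this, because the stale value is a real address; the builtin has to clear the buffer or otherwise refuse to trust it when the precompile wrote nothing. On fresh, all-zero memory the old builtin happens to return the zero address, which is why the bug only bites once something useful has been left at offset 0.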
Fedora
added 2023/07/21 2:27 a.m., 40 views

[SECURITY] Fedora 38 Update: golang-1.20.6-1.fc38

The Go Programming Language...

CVSS 9.8, AI score 7.1, EPSS 0.00329
Exploits: 0
CNNVD
added 2023/07/21 12:00 a.m., 2 views

Panasonic Control FPWIN Pro buffer error vulnerability

Panasonic Control FPWIN Pro is programming software from Panasonic Corporation (Japan). A security vulnerability exists in Panasonic Control FPWIN Pro 7.6.0.3 and prior versions, which stems from a memory corruption vulnerability that could allow execution of arbitrary code when opening specially...

CVSS 7.8, AI score 7.8, EPSS 0.00036
Exploits: 0, References: 3
CNNVD
added 2023/07/20 12:00 a.m., 3 views

SteelSeries GG path traversal vulnerability

SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into an easy-to-use interface. A path traversal vulnerability exists in SteelSeries GG version 36.0.0, which can be exploited by an attacker to create a sub-application via an...

CVSS 7.5, AI score 7.4, EPSS 0.01894
Exploits: 1, References: 3
Fedora
added 2023/07/19 4:21 a.m., 37 views

[SECURITY] Fedora 37 Update: redis-7.0.12-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 8.8, AI score 7, EPSS 0.88997
Exploits: 1
ATTACKERKB
added 2023/07/18 9:15 p.m., 4 views

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...

CVSS 3.7, AI score 7.3, EPSS 0.00104
Exploits: 0, References: 6
CNNVD
added 2023/07/18 12:00 a.m., 2 views

Oracle Java SE security vulnerability

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation. Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, embedded devices and real-time environments. Oracle GraalVM is a set of just-in-time compilers written in the Java language...

CVSS 3.7, AI score 6.6, EPSS 0.00083
Exploits: 0, References: 18
OSV
added 2023/07/14 9:53 p.m., 29 views

GHSA-H4VP-69R8-GVJG org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability

Impact Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code...

CVSS 9.9, AI score 9.6, EPSS 0.90263
Exploits: 1, References: 5
ATTACKERKB
added 2023/07/14 6:15 p.m., 1 view

CVE-2023-32760

An issue in Archer Platform before v6.13, fixed in v6.12.0.6 and v6.13.0, allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication...

CVSS 7.7, AI score 6.6, EPSS 0.00223
Exploits: 0, References: 3
The Hacker News
added 2023/07/14 7:40 a.m., 57 views

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such...

AI score 6.7
Exploits: 0
CNNVD
added 2023/07/14 12:00 a.m., 2 views

Archer Platform security vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.13 that allows an authenticated attacker to gain access to sensitive information through API calls related to da...

CVSS 7.7, AI score 6.5, EPSS 0.00223
Exploits: 0, References: 3
RedHat Linux
added 2023/07/12 8:33 a.m., 47 views

Important: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 2
NVD
added 2023/07/11 3:15 a.m., 12 views

CVE-2023-36922

Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 9.1, AI score 9.2, EPSS 0.00217
Exploits: 0, References: 2
Prion
added 2023/07/11 3:15 a.m., 22 views

Design/Logic Flaw

Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 6.5, AI score 8.5, EPSS 0.00217
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/07/11 2:56 a.m., 135 views

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

CVSS 9.1, AI score 8.7, EPSS 0.00217
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/07/11 2:56 a.m., 18 views

CVE-2023-36922 OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 9.1, AI score 9.2, EPSS 0.00217
Exploits: 0, References: 2
RedHat Linux
added 2023/07/10 9:02 a.m., 26 views

Important: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat...

CVSS 7.5, AI score 7, EPSS 0.01445
Exploits: 3, References: 2
CNNVD
added 2023/07/10 12:00 a.m., 1 view

WordPress plugin MStore API security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for the platform. A security vulnerability exists in the...

CVSS 9.8, AI score 8.4, EPSS 0.30393
Exploits: 2, References: 2
CNNVD
added 2023/07/10 12:00 a.m., 4 views

OSNEXUS QuantaStor OS command injection vulnerability

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...

CVSS 9.1, AI score 7.5, EPSS 0.00081
Exploits: 0, References: 7
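The bug class named in the SAP IS-OIL entries (CVE-2023-36922) and the QuantaStor entry above, reduced to a generic Python model added here. It is not code from SAP, OSNEXUS or either advisory, whose real parameters and commands the page does not show; the `echo`-based "report" command, the `name` parameter and the allowlist pattern are stand-ins, and a POSIX sh is assumed:

```python
"""Added example (not code from SAP, OSNEXUS or the advisories): a generic model of
OS command injection through an unprotected parameter, with the argv form plus an
allowlist as the hardened version. Assumes a POSIX sh; 'echo' stands in for the
real report-generating tool and 'name' for the unprotected parameter."""
import re
import shlex
import subprocess

# Allowlist for the stand-in parameter: an assumption, tightened to what the
# application actually needs (here: a short identifier).
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_valid_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def run_report_vulnerable(name: str) -> str:
    """The bug: the parameter is spliced into a command line that a shell parses,
    so ';', '|', '$(...)' and friends inside the value become shell syntax."""
    cmd = f"echo generating report for {name}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def run_report_argv(name: str) -> str:
    """Half the fix: pass an argv list and never a shell. The value reaches the
    program as one argument, metacharacters included, and is not interpreted."""
    return subprocess.run(["echo", f"generating report for {name}"],
                          capture_output=True, text=True, check=True).stdout


def run_report_hardened(name: str) -> str:
    """The other half: validate the parameter against an allowlist before use, so
    that even a downstream shell (a cron job, a remote ssh command) only ever sees
    values that cannot carry syntax."""
    if not is_valid_name(name):
        raise ValueError(f"rejected report name: {name!r}")
    return run_report_argv(name)


def shell_tokens(name: str) -> list:
    """What a POSIX shell would make of the vulnerable command line, for code
    review or log-based detection without executing anything."""
    lex = shlex.shlex(f"echo generating report for {name}",
                      posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


if __name__ == "__main__":
    payload = "x; echo INJECTED"            # constructed attacker-controlled value
    print("shell sees:", shell_tokens(payload))
    print("vulnerable:", repr(run_report_vulnerable(payload)))
    print("argv only: ", repr(run_report_argv(payload)))
    try:
        run_report_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
```

With the constructed payload the vulnerable path prints two lines, the second being the injected command's output; the argv path prints the payload back as inert text on one line; the hardened path refuses the value before anything runs. Both halves matter: argv alone still lets hostile values travel onward to whatever the next hop does with them, and validation alone is one forgotten call site away from the original bug.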