Lucene search

16 matches found

Redos
added 2023/07/06 12:00 a.m., 3 views

ROS-2-2134

2.2134 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

CVSS 10, AI score 8.1, EPSS 0.13704
Exploits: 0

OSV
added 2023/06/14 4:37 p.m., 13 views

GHSA-WM5G-P99Q-66G4 elFinder vulnerable to path traversal in LocalVolumeDriver connector

Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...

CVSS 7.5, AI score 6.4, EPSS 0.06261
Exploits: 2, References: 3

OSV
added 2022/09/21 7:15 p.m., 14 views

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 3

UbuntuCve
added 2022/09/21 7:15 p.m., 32 views

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVSS 7.5, AI score 7.1, EPSS 0.00408
Exploits: 1, References: 4

Cvelist
added 2022/09/21 6:25 p.m., 10 views

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

AI score 7.8, EPSS 0.00408
Exploits: 1, References: 3

OSV
added 2022/09/17 12:24 a.m., 7 views

GSD-2022-1005754 ice: xsk: prohibit usage of non-balanced queue id

ice: xsk: prohibit usage of non-balanced queue id This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.140 by commit...

AI score 7.2
Exploits: 0

Redos
added 2021/12/24 12:00 a.m., 15 views

ROS-2-1890

2.1890 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...

CVSS 8.1, AI score 9, EPSS 0.00145
Exploits: 0

Code423n4
added 2021/12/06 12:00 a.m., 7 views

Any arbitraryCall gathered airdrop can be stolen with recoverTokens

Handle hyh Vulnerability details Impact Any airdrop gathered with arbitraryCall will be immediately lost as an attacker can track arbitraryCall transactions and back run them with calls to recoverTokens, which doesn't track any tokens besides reward, deposit and incentive tokens, and will give th...

AI score 7
Exploits: 0

Redos
added 2021/09/08 12:00 a.m., 23 views

ROS-2-473

2.473 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code. FSTEC Russia Information Security Threats Data Bank...

CVSS 9.8, AI score 8, EPSS 0.01303
Exploits: 7

Redos
added 2021/09/08 12:00 a.m., 32 views

ROS-2-634

2.634 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...

CVSS 7.8, AI score 7.8, EPSS 0.00019
Exploits: 1

OpenVAS
added 2018/06/22 12:00 a.m., 16 views

Microsoft Windows: Prohibit access of the Windows Connect Now wizards

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winconnectnowwizards.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prohibit access of the Windows Connect Now wizards Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.n...

AI score 7.3
Exploits: 0

OpenVAS
added 2018/06/22 12:00 a.m., 3458 views

Microsoft Windows: Prohibit connection to non-domain networks (in domain authenticated network)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winfblocknondomain.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prohibit connection to non-domain networks when connected to domain authenticated network Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

AI score 7.3
Exploits: 0

OpenVAS
added 2018/06/15 12:00 a.m., 35 views

Microsoft Windows: Prohibit use of Internet Connection Sharing on your DNS domain network

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winncshowsharedaccessui.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prohibit use of Internet Connection Sharing on your DNS domain network Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score 7.3
Exploits: 0

OpenVAS
added 2018/05/29 12:00 a.m., 18 views

Windows Defender Firewall: Prohibit notifications

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadvsecprofilenotification.nasl 10010 2018-05-29 14:43:35Z emoss $ Check value for Windows Defender Firewall: Prohibit notifications Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score 7.3
Exploits: 0

seebug.org
added 2017/04/28 12:00 a.m., 33 views

Jenkins XStream: Java crash when trying to instantiate void/Void (CVE-2017-1000355)

Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to...

AI score 6.8, EPSS 0.00429
Exploits: 1

seebug.org
added 2006/12/13 12:00 a.m., 12 views

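Microsoft Visual Studio "WMI Object Broker" Control Code Execution Vulnerability (MS06-073)

Microsoft Visual Studio is Microsoft's family of development tool suites, a largely complete set of development tools that includes most of the tools needed across the entire software lifecycle. The "WMI Object Broker" control in Visual Studio has a vulnerability in how instances are created and handled; a remote attacker could exploit it to execute arbitrary malicious code on the user's machine. The WMI Object Broker ActiveX control bundled with Visual Studio allows instances of ActiveX controls already present on the system to be created. ActiveX objects created this way bypass ActiveX security restrictions, such as ignoring the kill bit and safe for...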

AI score 7
Exploits: 0