39 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect. Syzbot discovered that it can disconnect a TLS socket and then encounter various unexpected corner cases. I have a vague memory of Eric pointing this out to us a long time ago. Supporting...

CVSS 5.5 · AI score 6.3 · EPSS 0.00024
Exploits 0 · References 2

VulnCheck KEV
added 2026/01/31 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

CVSS 4.9 · AI score 5.8 · EPSS 0.88996
In wild · Exploits 2 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-26917

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.3 · EPSS 0.00252
Exploits 0 · References 1

Microsoft CVE
added 2025/09/04 5:21 a.m. · 3 views

vsock: Do not allow binding to VMADDR_PORT_ANY

...

CVSS 7.8 · AI score 6.8 · EPSS 0.00024
Exploits 0

OpenVAS
added 2025/05/07 12:0 a.m. · 5 views

Do Not Use auditctl to Set auditd Rules

auditd service rules can be configured using either rule files in the /etc/audit/rules.d/ directory applied after server restart or the auditctl command for immediate effect. The permission of the /etc/audit/rules.d/ directory is 750, while that of the auditctl command is 755. Therefore,...

AI score 7.2
Exploits 0 · References 2

Microsoft CVE
added 2025/05/05 7:0 a.m. · 7 views

nbd: don't allow reconnect after disconnect

...

CVSS 7.8 · AI score 7.3 · EPSS 0.00028
Exploits 0

GithubExploit
added 2025/02/25 7:11 a.m. · 423 views

Exploit for Code Injection in Xwiki

Disclaimer: The vulnerabilities described in this article, alo...

CVSS 9.8 · AI score 7.4 · EPSS 0.93701
Exploits 49

The Hacker News
added 2024/06/21 4:25 a.m. · 33 views

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's...

AI score 6.9
Exploits 0

Vulnrichment
added 2024/06/13 2:10 p.m. · 14 views

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

CVSS 7.1 · AI score 7.2 · EPSS 0.00284
Exploits 0 · References 2

Redos
added 2024/06/11 12:0 a.m. · 26 views

ROS-20240611-14

The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block (TRB) ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in th...

CVSS 7.1 · AI score 7.3 · EPSS 0.00047
Exploits 3

Microsoft CVE
added 2023/05/30 7:0 a.m. · 4 views

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.

...

CVSS 5.3 · AI score 6.2 · EPSS 0.00137
Exploits 0

OSV
added 2023/05/28 11:15 p.m. · 26 views

CVE-2023-32762

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...

CVSS 5.3 · AI score 7
Exploits 0 · References 4

Tenable Nessus
added 2023/05/24 12:0 a.m. · 26 views

Fedora 37 : qt5-qtbase (2023-f42087b533)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f42087b533 advisory. Fixes CVE-2023-32762 and CVE-2023-32763. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5 · AI score 6.6 · EPSS 0.00137
Exploits 0 · References 3

Redos
added 2023/03/17 12:0 a.m. · 9 views

ROS-20230317-03

A vulnerability in the Minio object store is related to improper enforcement of the bypass prohibition policy when removing a version identifier with the special header "X-Amz-Bypass-Governance-Retention: true". Exploitation of the vulnerability could allow an attacker acting remotely to gai...

CVSS 8.8 · AI score 8.6 · EPSS 0.00201
Exploits 1

Code423n4
added 2023/02/20 12:0 a.m. · 11 views

Artificial Inflation of Interest-Bearing Balances

Lines of code. Vulnerability details. Impact: It is possible to artificially inflate one's balance, compromising the integrity of the KIB token entirely. The vulnerability arises from how the balances are updated and utilize "stale" values that were loaded into memory. As such, a self-transfer would...

AI score 6.8
Exploits 0

OSV
added 2023/02/15 6:15 p.m. · 1 views

CVE-2023-22805

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device...

CVSS 4.3 · AI score 5.8 · EPSS 0.00252
Exploits 0 · References 1

Cvelist
added 2023/02/15 5:27 p.m. · 12 views

CVE-2023-22805

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device...

CVSS 6.5 · AI score 6.6 · EPSS 0.00252
Exploits 0 · References 1

Positive Technologies
added 2023/02/15 12:0 a.m. · 5 views

PT-2023-18706 · Ls Electric · Ls Electric Xbc-Dn32U

Name of the Vulnerable Software and Affected Versions: LS ELECTRIC XBC-DN32U version 01.80 Description: The issue is related to improper access control in the read prohibition feature of the device. This could allow a remote attacker to set the feature to lock users out of reading data from the...

CVSS 6.5 · AI score 4.7 · EPSS 0.00252
Exploits 0 · References 4

Schneier on Security
added 2023/01/04 12:17 p.m. · 15 views

Decarbonizing Cryptocurrencies through Taxation

Maintaining bitcoin and other cryptocurrencies causes about 0.3 percent of global CO2 emissions. That may not sound like a lot, but it's more than the emissions of Switzerland, Croatia, and Norway combined. As many cryptocurrencies crash and the FTX bankruptcy moves into the litigation stage,...

AI score 7.2
Exploits 0

NVD
added 2022/09/21 7:15 p.m. · 10 views

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVSS 7.5 · EPSS 0.00408
Exploits 1 · References 3