85 matches found
Mitigation of M-07: Issue not mitigated
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-07: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings765 Comments While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the...
CVE-2023-2166
A null pointer dereference issue was found in can protocol in net/can/afcan.c in the Linux before Linux. mlpriv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service...
SUSE CVE-2023-28859
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...
PT-2022-27053 · Unknown · Browsershot
Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method do...
PT-2022-27314 · Unknown · Object First Ootbi Beta
Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: An issue was discovered in the management protocol, allowing a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname...
PT-2022-21170 · Parse-Url · Url-Parse
Name of the Vulnerable Software and Affected Versions: parse-url versions prior to 8.1.0 Description: The issue concerns a misinterpretation of input in the parse-url library, where certain HTTP or HTTPS URLs are parsed incorrectly. Specifically, the library may identify the URL's protocol as SSH...
fee-on-transfer underlying can cause problems
Handle 0xsanson Vulnerability details Impact The current implementation doesn't work with fee-on-transfer underlying tokens. Considering that Compound can have these kind of tokens ex. USDT can activate fees, this issue can affect the protocol. The problem arise when transferring tokens, basicall...
CVE-2021-29949
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...
OPENSUSE-SU-2020:1085-1 Security update for knot
This update for knot fixes the following issues: - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication boo1047841...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Build Forge (CVE-2014-6457)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.5, 1.6, 1.7 that is used by IBM Rational Build Forge. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID: CVE-2014-6457 Description: An unspecified...
March 22, 2018—KB4088891 (OS Build 15063.994)
March 22, 2018—KB4088891 OS Build 15063.994 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue with a GDI handle leak in the Windows Ribbon control. Addresses issue where,...
The vulnerability of the dccp_v6_request_recv_sock function in the net/dccp/ipv6.c file of the Linux kernel allows a attacker to cause a service failure or exert other effects.
The vulnerability of the dccpv6requestrecvsock function in the net/dccp/ipv6.c module of the Linux kernel is related to incorrect data processing. Exploiting this vulnerability could allow an attacker acting locally to cause service failures or other adverse effects due to system calls...
PT-2017-1939
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue exists due to insufficient input validation in the SMBv1 protocol of the Microsoft Windows operating system. It allows a remote attacker to execute arbitrary code using...
SUSE-SU-2016:0390-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following security issues by updating to 8.0-2.10 bsc963937: - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision...
MGASA-2015-0280 Updated java-1.8.0-openjdk package fixes security vulnerabilities
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...
MGASA-2015-0268 Updated firefox package fixes security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...
CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...
PT-2010-2042 · Microsoft · Windows Server 2008 +2
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions Gold, SP1, and SP2 Microsoft Windows Server 2008 versions Gold and SP2 Description: A denial of service issue exists due to an error in TCP/IP processing when handling specially crafted TCP packets with a...
APOP password recovery vulnerability
Overview POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge...