OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Windows
OpenSSL is prone to TLS ephemeral ECDH crashes. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Linux
OpenSSL is prone to TLS ephemeral ECDH crashes. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
NVIDIA OTE Buffer Overflow Vulnerability
NVIDIA OTE is a standalone, software-partitioned environment from NVIDIA Corporation that provides trusted operations. NVIDIA OTE is vulnerable to a buffer error vulnerability stemming from a flaw in the NVIDIA OTE protocol message parsing code, where a faulty boundary check can lead to a...
samba bug fix and enhancement update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fixes and Enhancements: /sbin/ldconfig: /lib64/libsmbldap.so.2 is no...
ALBA-2021:3050 samba bug fix and enhancement update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Bug Fixes and Enhancements: /sbin/ldconfig: /lib64/libsmbldap.so.2 is no...
Siemens Simatic Insufficiently Protected Credentials
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a...
WOPI API not protected by credentials/IP check
None...
CVE-2021-22925
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...
Sage X3 Administration Service Authentication Bypass / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...
Missing purgeDeployer function
Handle 0xsanson Vulnerability details Impact In most of the contracts there's a purgeDeployer function that sets the Deployer address to zero. Contracts synthVault and Router though don't have it. Since the idea is to decentralize the protocol giving all the power to the Dao, the function should ...
Sage X3 Administration Service Authentication Bypass / Command Execution Exploit
This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. This module requires Metasploit: https://metasploit.com/download Current source...
openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...
TransferHelper does not work with all ERC20 tokens
Handle cmichel Vulnerability details The TransferHelper.safeTransferFrom function will revert if tokens do not return a boolean because the interface ERC20.transfer function it uses indicates that this function always returns a boolean. Some tokens like USDT don't correctly implement the EIP20...
Use of deprecated Chainlink API
Handle 0xRajeev Vulnerability details Impact UniswapV3Oracle contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and...
CVE-2021-1887
An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking...
Logic error in fulfill() function
Handle s1m0 Vulnerability details The fulfill function could create a loss for the protocol in case addFunds succeeds and the execute function fails. Impact In the fulfill function the toSend amount could be transferred twice: 1. In the external call addFunds to the txData.callTo. 2. If the execute...
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare
This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) - was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we...
Buoy3Pool.safetyCheck can underflow
Handle cmichel Vulnerability details The safetyCheck function performs an unsafe subtraction on two uint256 before casting them to int256. The subtraction can underflow and the cast to int256 can either fail and revert the transaction if greater than type(int256).max, or, fit...
nginx 0.1.0 - 0.7.63 / 0.8.x - 0.8.22 SSL Protocol Renegotiation Vulnerability
nginx is prone to a renegotiation vulnerability in the SSL protocol. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
GHSA-399H-CMVP-QGX5 Incorrect Default Permissions in Binance tss-lib
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. Specific Go Packages Affected github.com/binance-chain/tss-lib/ecdsa/keygen...