CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-23766

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterpris...

CVE-2023-23766

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterpris...

CVE-2023-23766

CVE-2023-23766 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enabled commit smuggling by displaying an incorrect diff when re-opening a Pull Request. Exploitation would require write access to the repository. All versions prior to the fixed releases are affected...

PT-2023-19191 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.6.17 GitHub Enterprise Server versions prior to 3.7.15 GitHub Enterprise Server versions prior to 3.8.8 GitHub Enterprise Server versions prior to 3.9.3 GitHub Enterprise Server versions prior to...

CVE-2023-37459

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP...

CVE-2023-37459

CVE-2023-37459 maps to Contiki-NG ≤ 4.9, where the network stack, on receiving a TCP packet with the SYN flag, may access the TCP header before ensuring it is complete. This can trigger an out-of-bounds read from the packet buffer due to reading the flags field in check_for_tcp_syn. The result is...

CVE-2023-37281 Out-of-bounds read during IPHC address decompression

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done...

UBUNTU-CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 both inclusive trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by...

CVE-2023-41937

Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 both inclusive trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by...

CVE-2023-41937

CVE-2023-41937 affects the Jenkins Bitbucket Push and Pull Request Plugin versions 2.4.0–2.8.3 (inclusive). The vulnerability arises because the plugin trusts values in the webhook payload (including certain URLs) and uses configured Bitbucket credentials to connect to those URLs, enabling an att...

Jenkins Plugin Bitbucket Push and Pull Request Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a privilege control vulnerability in the audio module. Successful exploitation of this...

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a privilege control vulnerability in the audio module. Successful exploitation of this...

CVE-2023-41052

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

PYSEC-2023-168

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

CVE-2023-23765

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the...