Use safeTransfer instead of transfer

Handle shw Vulnerability details Impact Tokens not compliant with the ERC20 specification could return false from the transfer function call to indicate the transfer fails, while the calling contract would not notice the failure if the return value is not checked. Checking the return value is a...

Use safeTransfer instead of transfer

Handle shw Vulnerability details Impact Tokens not compliant with the ERC20 specification could return false from the approve call to indicate the approval fails, while the calling contract would not notice the failure if the return value is not checked. Proof of Concept Referenced code:...

Yinggao into the network specification management system has information leakage vulnerability

Ltd. is a professional engaged in the research and development, sales and service of network information security products, is the industry's leading security vendors. Yinggao into the network specification management system there is information leakage vulnerability, attackers can use the...

Return values of BEP20.transfer and BEP20.transferFrom are unchecked

Handle shw Vulnerability details Impact The return values of BEP20.transfer and BEP20.transferFrom are not checked to be true in multiple contracts. The return value could be false if the transferred token is not BEP20-compliant, indicating that the transfer fails, while the calling contract will...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2422-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require th...

openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2427-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the...

ICS Focused Malware

Updated July 20, 2021: The U.S. Government attributes this activity to Russian nation-state cyber actors and assess that Russian nation-state cyber actors deployed Havex malware against industrial control systems. For more information on Russian malicious cyber activity, refer...

SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacke...

runC: Container breakout

Background runC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact An attacker may be able to escalati...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2202-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2202-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to...

Ubuntu 16.04 ESM : BlueZ vulnerabilities (USN-4989-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-2 advisory. USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

EIP Stack Group OpENer Ethernet/IP UDP handler information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. Tested Versions EIP Stack Group OpENer 2.3 EIP Stack Group OpENe...

SUSE SLES11 Security Update : openssl (SUSE-SU-2020:14491-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14491-1 advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections...

Apple macOS SMB server create file request uninitialized memory disclosure

Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...

GHSA-3P3G-VPW6-4W66 Authentication Bypass in hydra

Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

Authentication Bypass in hydra

Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...

CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

GHSA-V3Q9-2P3M-7G43 Token reuse in Ory fosite

Impact When using client authentication method "privatekeyjwt" 1https://openid.net/specs/openid-connect-core-10.htmlClientAuthentication, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...

Token reuse in Ory fosite

Impact When using client authentication method "privatekeyjwt" 1https://openid.net/specs/openid-connect-core-10.htmlClientAuthentication, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens...