15 matches found
Proposal for Improving Google A2A Protocol: Safeguarding Sensitive Data in Multi-Agent Systems
A2A, a protocol for AI agent communication, offers a robust foundation for secure AI agent communication. However, it has several critical issues in handling sensitive data, such as payment details, identification documents, and personal information. This paper reviews the existing protocol,...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
puma-5.6.4: http request smuggling vulnerabilities
A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity...
kyodo-west.co.jp Cross Site Scripting vulnerability OBB-3057644
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
m.nb91b7.cyou Cross Site Scripting vulnerability OBB-2861643
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Not safe transferFrom
Lines of code Vulnerability details Impact The Safe library says: @dev Caution! This library won't check that a token has code, responsibility is delegated to the caller. But this check is not made in Swivel contract, so the Safe library it's prone to phantom methods attacks. Supposedly it is a...
CVE-2022-24761 HTTP Request Smuggling in waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...
[SECURITY] Fedora 27 Update: openjpeg2-2.2.0-3.fc27
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...
[SECURITY] Fedora 25 Update: openjpeg2-2.1.2-3.fc25
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...
[SECURITY] Fedora 25 Update: openjpeg2-2.1.1-3.fc25
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...
[SECURITY] Fedora 21 Update: openjpeg2-2.1.0-7.fc21
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...
[SECURITY] Fedora 20 Update: pylint-1.1.0-1.fc20
Pylint is a python tool that checks if a module satisfy a coding standard. Pylint can be seen as another PyChecker since nearly all tests you can do with PyChecker can also be done with Pylint. But Pylint offers some more features, like checking line-code's length, checking if variable names are...
SuSE 11.1 Security Update : openSLP (SAT Patch Number 3312)
The openslp daemon could run into an endless loop when receiving specially crafted packets CVE-2010-3609. This has been fixed. Additionally the following non-security bugs were fixed : - 564504: Fix handling of DA answers if both active and passive DA detection is off - 597215: Add configuration...
SuSE 11 Security Update : openslp (SAT Patch Number 3317)
The openslp daemon could run into an endless loop when receiving specially crafted packets. CVE-2010-3609 Additionally the following non-security bugs were fixed : - 564504: Fix handling of DA answers if both active and passive DA detection is off - 597215: Add configuration options to openSLP:...
SuSE 10 Security Update : openslp (ZYPP Patch Number 7187)
The openslp daemon could run into an endless loop when receiving specially crafted packets CVE-2010-3609. This has been fixed. Additionally the following non-security bugs were fixed : - This openSLP update extends the net.slp.isDABackup mechanism introduced with the previous update by a new...