False-positive validity for NFT1 genesis transactions in SLPJS
Impact In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...
GHSA-CC2P-4JHR-XHHX False-positive validity for NFT1 genesis transactions in SLPJS
Impact In the npm package named "slpjs", versions prior to 0.27.4 are vulnerable to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any of the...
OSV-2020-1444 Heap-buffer-overflow in void mc_chroma<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22678 Crash type: Heap-buffer-overflow READ 2 Crash state: void mcchroma generateinterpredictionsamples decodepredictionunit...
OSV-2020-1226 Heap-buffer-overflow in void mc_chroma<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13583 Crash type: Heap-buffer-overflow READ 2 Crash state: void mcchroma generateinterpredictionsamples decodepredictionunit...
OilRig APT Drills into Malware Innovation with Unique Backdoor
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the...
SUSE-SU-2020:1974-1 Security update for salt
This update for salt contains the following fixes: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker...
Siemens SICAM MMU, SGU and T Cross-Site Scripting Vulnerabilities
SICAM T is a digital measurement sensor that allows the measurement of power in the non-electrical network in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring unit that allows the measurement of power in the grid in a single unit. SICAM SGU Discontinued is a Smart Grid...
Siemens SICAM MMU, SGU and T Information Disclosure Vulnerabilities
SICAM T is a digital measurement sensor that allows the measurement of power in the non-electrical network in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring unit that allows the measurement of power in the grid in a single unit. SICAM SGU Discontinued is a Smart Grid...
Siemens SICAM MMU, SGU and T Sensitive Information Disclosure Vulnerability
SICAM T is a digital measurement sensor that allows the measurement of power in the non-electrical network in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring unit that allows the measurement of power in the grid in a single unit. SICAM SGU Discontinued is a Smart Grid...
Siemens SICAM MMU, SGU and T Authentication Bypass Vulnerability
SICAM T is a digital measurement sensor that allows the measurement of power in the non-electrical network in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring unit that allows the measurement of power in the grid in a single unit. SICAM SGU Discontinued is a Smart Grid...
CVE-2020-10038
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the device's web server might be able to execute administrative commands without authentication...
TAU Threat Discovery: Conti Ransomware
Conti is a new family of ransomware observed in the wild by the Carbon Black Threat Analysis Unit (TAU). Unlike most ransomware, Conti contains unique features that separate it in terms of performance and focus on network-based targets. Conti uses a large number of independent threads to perform...
ALPINE-CVE-2020-15565
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both...
SUSE-SU-2020:1842-1 Security update for systemd
This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command bsc1161436. - Renamed the persistent link for ATA devices bsc1164538 - shared/install: try harder to find enablement symlinks when disabling a unit bsc1157315 -...
OSV-2020-425 Heap-buffer-overflow in ihevcd_parse_coding_unit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17055 Crash type: Heap-buffer-overflow READ 1 Crash state: ihevcdparsecodingunit ihevcdparsecodingquadtree ihevcdparsecodingquadtree...
CVE-2020-10628
ControlEdge PLC R130.2, R140, R150, and R151 and RTU R101, R110, R140, R150, and R151 exposes unencrypted passwords on the network...
CVE-2020-10624
ControlEdge PLC R130.2, R140, R150, and R151 and RTU R101, R110, R140, R150, and R151 exposes a session token on the network...
Honeywell ControlEdge PLC and ControlEdge RTU Information Disclosure Vulnerability
Honeywell ControlEdge PLC and ControlEdge RTU are both products of Honeywell, Inc. The ControlEdge PLC is a programmable logic controller (PLC). The ControlEdge RTU is a remote terminal unit (RTU). An information disclosure vulnerability exists in the Honeywell ControlEdge PLC and RTU, which can be...
Honeywell ControlEdge PLC and ControlEdge RTU Information Disclosure Vulnerability (CNVD-2020-37479)
Honeywell ControlEdge PLC and ControlEdge RTU are both products of Honeywell, Inc. The ControlEdge PLC is a programmable logic controller (PLC). The ControlEdge RTU is a remote terminal unit (RTU). An information disclosure vulnerability exists in the Honeywell ControlEdge PLC and RTU that can be...
Schneider Electric Easergy T300 Information Disclosure Vulnerability (CNVD-2021-21474)
The Schneider Electric Easergy T300 is a remote terminal unit for the power industry from Schneider Electric, France. An information disclosure vulnerability exists in the Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier, which can be exploited by an attacker to obtain...