438 matches found
ERC20 return values not checked
Handle: @cmichelio. Vulnerability details: The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Furthermore, some tokens like USDT don't correctly implement the ERC20 standard and don't...
OPENSUSE-SU-2021:0600-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation bsc1172385 - CVE-2020-25723: Fix use-after-free in usb xhci packet handling bsc1178934 - CVE-2020-25084: Fix use-after-free in usb ehci packet handling bsc1176673 - CVE-2020-25625: Fix...
Evolving beyond password complexity as an identity strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...
Moderate: Red Hat Security Advisory: Satellite 6.9 Release
An update is now available for Red Hat Satellite 6.9 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: foreman:...
RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
SUSE-SU-2021:1243-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation bsc1172385 - CVE-2020-25723: Fix use-after-free in usb xhci packet handling bsc1178934 - CVE-2020-25084: Fix use-after-free in usb ehci packet handling bsc1176673 - CVE-2020-25625: Fix...
LIM OpenEXR Input Validation Error Vulnerability
Industrial Light and Magic (LIM) OpenEXR is an image file format from Industrial Light and Magic (LIM), USA, for high dynamic range (HDR) images. An input validation error vulnerability exists in OpenEXR B44 uncompression, which can be exploited by an attacker to trigger a shift overflow and potentiall...
SUSE-SU-2021:0806-1 Security update for crmsh
This update for crmsh fixes the following issues: - Update to version 4.3.0+20210219.5d1bf034: Fix: hbreport: walk through hbreport process under hacluster CVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571 Fix: bootstrap: setup authorized ssh access for hacluster CVE-2020-35459, bsc1179999;...
SAP NetWeaver Knowledge Management Configuration Service Insecure Deserialization Vulnerability
SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP. A security vulnerability exists in SAP NetWeaver Knowledge Management Configuration Service versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50, which allows remote attackers with...
Metasploit Wrap-Up
MicroFocus? More like MacroVuln. MicroFocus’s Operations Bridge Manager is a security information and event management (SIEM) tool designed to collect and parse security logs from multiple disparate sources. OBM has a large attack surface—something Pedro Ribeiro was able to take advantage of with hi...
OPENSUSE-SU-2021:0127-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...
Virtuozzo Automator 7.0 Update 2 Hotfix 15 (VA MN 7.0.2-680, VA Agent 7.0.2-407)
The Hotfix 15 for Virtuozzo Automator 7.0.2 provides stability and usability fixes. Vulnerability id: PVA-37501 pvaagentd could be killed by SIGSEGV. Vulnerability id: PVA-37697, PVA-37707 Coalesce operation could be performed on an outdated cached list of backups. Vulnerability id: PVA-37537 Fre...
Product update: Virtuozzo PowerPanel Update 1 (7.0.4-30)
The update for Virtuozzo PowerPanel introduces new features as well as stability and usability fixes. Vulnerability id: PP-578 The 'vzapi' command to reset the backup limit to 0 could fail. Vulnerability id: PP-580 A wrong config parameter was documented for instance default backup limit...
Binary vulnerability in jerryscript (CNVD-2020-72374)
JerryScript is a lightweight JavaScript engine that runs on restricted devices. A binary vulnerability exists in jerryscript. An attacker could exploit this vulnerability to cause an impact on usability...
Binary vulnerability in jerryscript (CNVD-2020-72373)
JerryScript is a lightweight JavaScript engine that runs on restricted devices. A binary vulnerability exists in jerryscript, which can be exploited by attackers to compromise usability...
openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2187)
This update for MozillaThunderbird fixes the following issues : TODO - Mozilla Thunderbird 78.5.0 - new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 - new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 - new: MailExtensions...
Product update: Virtuozzo Hybrid Server 7.5 Hotfix 1 (7.5.0-589)
The Hotfix 1 for Virtuozzo Hybrid Server 7.5 provides stability and usability bug fixes. Vulnerability id: PSBM-108125 Virtuozzo Storage trial licenses ending in 2021 could be reported as invalid. Vulnerability id: PSBM-123396 Migrating a VM over Virtuozzo Storage could take a very long time...
OPENSUSE-SU-2020:2187-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 new: OpenPGP: Added option to disable attaching the public key to a signed message bmo1654950 new: MailExtensions: 'composeattachments' context added to Menus API bmo1670822 new: MailExtensions: Menus...
ImageMagick Input Validation Error Vulnerability (CNVD-2021-10262)
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. An input validation error vulnerability exists in ImageMagick, where MagickCore/quantum.h in versions prior to ImageMagick 7.0.9-0 has a range of representable values...
ImageMagick Input Validation Error Vulnerability (CNVD-2021-10259)
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. An input validation error vulnerability exists in coders/bmp.c in versions of ImageMagick prior to 7.0.9-0, with values outside the range of representable values of type...