Latest News

The library provides a public safe API `transmute_vec_as_bytes`, which incorrectly assumes that any generic type `T` could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as `T` and cast it to `u8` pointer. In the [issue](https://github.com/FyroxEngine/Fyrox/issues/630), we develop a PoC to show passing struct type to `transmute_vec_as_bytes` could lead to undefined behavior with `Vec::from_raw_parts`. The developers provide a patch by changing trait of `Copy` to `Pod`, which can make sure `T` should be plain data. This was patched in the latest version of [master](https://github.com/FyroxEngine/Fyrox/blob/3f9ad6f9667047dac051b0e97d544e5b38e5ae72/fyrox-core/src/lib.rs#L351-L360) branch, but still not on the latest release (0.28.1).

## Summary A vulnerability in the `add_share` function of the **Rewards** pallet (part of the ORML repository) can lead to an uncaught Rust panic when handling user-provided input exceeding the `u128` range. ## Affected Components - **ORML Rewards** pallet (`rewards/src/lib.rs`) - Any Substrate-based chain using ORML Rewards with `add_share` accepting unvalidated large `u128` inputs ## Technical Details - `add_share` performs arithmetic on user-supplied values (`add_amount`) of type `T::Share` (mapped to `u128` in Acala). - If `add_amount` is large enough (e.g., `i128::MAX`), the intermediate result may overflow and panic on the cast to `u128`. - Validation occurs only after arithmetic, enabling a crafted input to trigger an overflow. ## Impact A malicious user submitting a specially crafted extrinsic can cause a panic in the runtime: - **Denial of Service** by crashing the node process. - **Potential for invalid blocks** produced by validators. ## Likelihood This issue is exploita...

### Summary A bug in GitHub's Artifact Attestation CLI tool, `gh attestation verify`, may return an incorrect zero exit status when no matching attestations are found for the specified `--predicate-type <value>` or the default `https://slsa.dev/provenance/v1` if not specified. This issue only arises if an artifact has an attestation with a predicate type different from the one provided in the command. As a result, users relying solely on these exit codes may mistakenly believe the attestation has been verified, despite the absence of an attestation with the specified predicate type and the tool printing a verification failure. Users are advised to update `gh` to version `v2.67.0` as soon as possible. Initial report: https://github.com/cli/cli/issues/10418 Fix: https://github.com/cli/cli/pull/10421 ### Details The gh attestation verify command fetches, loads, and attempts to verify attestations associated with a given artifact for a specified predicate type. If an attestation is fo...

Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.  The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    For Snort

A vulnerability exists due to an insecure backup.tgz file that, when obtained, contains sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. Although authentication is required to access the backup, an attacker with access could extract these files to retrieve stored credentials, decrypt secure communications, and escalate privileges by cracking password hashes. This exposure poses a significant security risk, potentially leading to unauthorized access, data breaches, and full system compromise.

A timing attack vulnerability exists in ABB Cylon FLXeon's authentication process due to improper comparison of password hashes in login.js and uukl.js. Specifically, the verifyPassword() function in login.js and the verify() function in uukl.js both calculate the password hash and compare it to the stored hash. In these implementations, small differences in response times are introduced based on how much of the password or the username matches the stored hash, making the system vulnerable to timing-based analysis.

A vulnerability exists in the ABB Cylon FLXeon controller that allows unauthenticated access to the Building Management System (BMS) or Building Automation System (BAS) dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate environmental controls such as temperature settings, potentially disrupting building climate regulation and operational safety.

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo or version 1.11.0 to fix this issue.

## Description Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination. The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because ...