Tag
#mac
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”
## ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions

**Component**: Cosmos SDK
**Criticality**: High
**Affected Versions**: Cosmos SDK versions <= 0.50.4, on 0.50 branches
**Affected Users**: Chain developers, Validator and Node operators
**Impact**: Elevation of Privilege

## Summary

The default `ValidateVoteExtensions` helper function infers total voting power from the injected `VoteExtension`, which is injected by the proposer. If your chain uses the `ValidateVoteExtensions` helper in `ProcessProposal`, a dishonest proposer can potentially mutate the voting power of each validator it includes in the injected `VoteExtension`, which could have unexpected or negative consequences on modified state. Additional validation of injected `VoteExtension` data was added to confirm voting power against the state machine.

## Next Steps for Impacted Parties

If you are a chain developer on an affected version of the Cosmos ...
**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
This week on the Lock and Code podcast, we speak with Leigh Honeywell about the cybersecurity defenses to online harassment.
DataCube3 version 1.0 suffers from a remote shell upload vulnerability.
Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help.
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.
- Issues:
  - SCS_14 is allowed on encrypted connection (osdp_phy.c)
  - No validation for RMAC_I is only in response to osdp_SCRYPT (osdp_cp.c)
  - Couldn't find anything specific in the OSDP specifications indicating it is forbidden, I'm guessing it shouldn't be allowed according to the secure connection initialization flow (let me know if you think there is a spec-related change that should be done)
- Attack:
  - Once an RMAC_I message can be sent during a session, an attacker with MITM access to the communication may intercept the original RMAC_I reply and save it.
  - While the session continues, the attacker will record all of the replies and save them, until capturing the message to be replayed (can be detected by ID, length or time based on inspection of visual activity next to the reader)
  - Once the attacker captures a session with the message to be replayed, he stops resetting the connection and waits for a signal to perform the replay of the PD to CP message (ex: by signaling remotely...
By Deeba Ahmed. Cisco announced patches for high-severity vulnerabilities on Wednesday, March 6, 2024. This is a post from HackRead.com. Read the original post: Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws
### Summary

This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time during decompression.

### Details

**The attacker needs to obtain a valid public key to compress the payload**. It needs to be valid so that the recipient can use it to successfully decompress the payload. Furthermore, in the context of JWT processing in the v2 versions, the recipient must explicitly allow JWE handling. The attacker then crafts a message with a high compression ratio, e.g. a payload with a very high frequency of repeating patterns that decompresses to a much larger size. If the payload is large enough, the recipient decompressing the data will have to allocate a large amount of memory, which can then lead to a denial of service. The original repo...