ROS-20240424-02
A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected informatio...
Authentication Bypass
namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...
The vulnerability of the PowerScale OneFS operating system, related to the use of cryptographic algorithms containing defects, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the PowerScale OneFS operating system is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
Argo CD Security Vulnerability
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state (e.g., configuration in a Git repository), automatically synchronizing and deploying...
Dell PowerScale OneFS Cryptographic Issue Vulnerability
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable network-attached storage (NAS) solution. Dell PowerScale OneFS has a cryptographic issue vulnerability that arises from the presence of a vulnerability in the use of corrupted or risky...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...
The vulnerability of the Windows operating system’s authenticity verification mechanism allows attackers to escalate their privileges.
The vulnerability of the Windows operating system’s authenticity verification mechanism is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker to increase their privileges...
PT-2024-3632 · Dell · Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 Description: The issue is related to the use of defective cryptographic algorithms in the PowerScale OneFS operating system. This could allow a remote attacker to gain unauthorized access t...
RLSA-2024:1784 Moderate: gnutls security update
The gnutls package provides the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. This package update fixes a timing side-channel in deterministic ECDSA. Security Fixes: gnutls: vulnerable to Minerva side-channel...
CVE-2023-40696
CVE-2023-40696 – IBM Cognos Controller information disclosure Affected products: IBM Controller 11.0.0, 10.4.2, 10.4.1. Root cause: Use of weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Impact (as documented): potential disclosu...
CVE-2023-40696 IBM Cognos Controller information disclosure
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939...
CVE-2020-4874
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...
CVE-2020-4874
CVE-2020-4874 affects IBM Cognos Controller: versions 10.4.1, 10.4.2, and 11.0.0 use weaker cryptographic algorithms that could let an attacker decrypt highly sensitive data. Remediation is available via upgrades to: 11.0.1 FP2, 10.4.2 FP3, or 10.4.1 FP1 (as listed by IBM). No exploit details are...
Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand
Summary: There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361. Vulnerability Details: CVEID: CVE-2024-20952 DESCRIPTION: An unspecified...
ALSA-2024:2570 Moderate: gnutls security update
The gnutls package provides the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...
Last-Level Cache Side-Channel Attacks
AMD ID: AMD-SB-7019 Potential Impact: N/A Severity: N/A Summary Researchers from the University of Illinois Urbana-Champaign and Tel Aviv University have published a paper titled “Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud.” The paper does not demonstrate any...
Moderate: Red Hat Security Advisory: gnutls security update
An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
CVE-2024-32576
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Stored XSS. This issue affects BA Book Everything: from n/a through 1.6.8...