89 matches found
Oracle Linux 8 : conmon (ELSA-2024-12226)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12226 advisory. - address CVE-2023-39326 cri-o - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools - Address CVE-2023-39326 etcd - Address CVE-2023-39326 by...
SUSE-SU-2024:0315-1 Security update for slurm
This update for slurm fixes the following issues: - CVE-2023-49933: Fixed a message extension attack that could bypass the message hash bsc1218046. - CVE-2023-49936: Fixed a NULL pointer dereference bsc1218050. - CVE-2023-49937: Fixed a double free that could lead to denial of service or code...
GHSA-XWCQ-PM8M-C4VF crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
SUSE CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
SHA1 Hashing Algorithm vulnerable to Length Extension Attack
Lines of code Vulnerability details Impact The implementation of the SHA1 hashing algorithm in the code has a significant impact as it is vulnerable to the length extension attack. This attack enables us to create a new hash for an extended message without altering the existing hash, even though ...
SUSE CVE-2022-0798
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
SUSE CVE-2022-3449
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
Malicious code in freqrade (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f0661e5b1f93a08e932fa0f5bafe0e64c8564b83db87d202d28fa91b83132db2 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
DEBIAN-CVE-2022-4179
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
UBUNTU-CVE-2022-4180
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
CVE-2022-3449
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
CVE-2022-3658
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. Chromium security severity: Medium...
computeAddress does not follow the standard procedure to compute the address. The contract can not create pool for some pairs due to hash collision
Lines of code Vulnerability details Impact Poor source of randomness, an attacker can easily decipher the computed address. The contract can be easily tricked. This can cause hash collision, due to this, for some pairs, the contract can not create pool. Proof of Concept AlgebraFactory.solL123 : T...
CVE-2022-2619
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page...
UBUNTU-CVE-2022-1863
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...
UBUNTU-CVE-2022-1856
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction...
CVE-2022-31259
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...
CVE-2022-24075
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files...
CVE-2021-38346
The Brizy Page Builder plugin = 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizycreateblockscreenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...