163 matches found
Minor update (6) for Vivaldi Desktop Browser 6.7
The following improvements were made since the fifth 6.7 minor update: Chromium: upgraded to 124.0.6367.221 (CVE-2024-4947). NB: Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Sync: Avoid removing data needed for the sync back...
Authentication flaw
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
SUSE-SU-2024:0157-1 Security update for libcryptopp
This update for libcryptopp fixes the following issues: - CVE-2023-50981: Fixed a potential denial of service issue via crafted DER public key data (bsc#1218222)...
EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2023-3131)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated us...
SUSE CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing...
Denial Of Service (DoS)
libcryptopp.so is vulnerable to Denial of Service (DoS). The vulnerability exists in the ModularSquareRoot function due to an infinite loop caused by crafted DER public-key data with squared odd numbers, which allows an attacker to cause DoS...
Denial Of Service (DoS)
libcryptopp.so is vulnerable to Denial of Service (DoS). The vulnerability is triggered when DER public-key data for an F(2^m) curve contains polynomial terms whose degrees are not strictly decreasing, which allows an attacker to cause an application crash...
CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing...
CVE-2023-50981
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...
Command injection
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing...
krb5: Denial of service through freeing uninitialized pointer
A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remo...
SUSE CVE-2019-14867
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed Kerberos key data. An unauthenticated attacker who could trigger...
Oracle Linux 6 : pidgin (ELSA-2011-0616)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0616 advisory. - Add patch for CVE-2011-1091 RH bug 683031. - Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch...
OESA-2023-1555 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. ...