Lucene search

7486 matches found

Fedora
added 2024/05/25 1:11 a.m., 17 views

[SECURITY] Fedora 39 Update: dotnet7.0-7.0.119-1.fc39

.NET is a fast, lightweight and modular platform for creating cross-platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards, a set of framework...

7.1 AI score
Exploits: 0

Redos
added 2024/05/24 12:0 a.m., 33 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...

7.5 CVSS, 7.3 AI score, 0.14839 EPSS
Exploits: 0

BDU FSTEC
added 2024/05/24 12:0 a.m., 4 views

The vulnerability relates to the collection of tools and libraries used for data processing and report rendering in Power BI client JS SDK. It stems from insufficient validation of input data, allowing an attacker to gain unauthorized access to protected information.

The vulnerability of the tools and libraries used for data processing and report rendering in Power BI client JS SDK is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially create...

7.8 CVSS, 6.5 AI score, 0.01748 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2024/05/23 1:39 p.m., 311 views

Important: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1 CVSS, 7.4 AI score, 0.8833 EPSS
Exploits: 16, References: 6

OSV
added 2024/05/23 1:0 p.m., 9 views

USN-6784-1 cjson vulnerabilities

It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472) Luo Jin discovered that cJSON incorrectly...

7.6 CVSS, 5.8 AI score, 0.01508 EPSS
Exploits: 3, References: 4

Positive Technologies
added 2024/05/23 12:0 a.m., 4 views

PT-2024-8711 · Kingsoft · Kingsoft Wps Office

Name of the Vulnerable Software and Affected Versions: Kingsoft WPS Office versions 12.2.0.13110 through 12.2.0.17119 Description: The issue is related to improper path validation in the promecefpluginhost.exe file, allowing an attacker to load an arbitrary Windows library. This can lead to the...

9.3 CVSS, 6.6 AI score, 0.00387 EPSS
Exploits: 0, References: 44

Tenable Nessus
added 2024/05/23 12:0 a.m., 45 views

RHEL 9 : glibc (RHSA-2024:3339)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3339 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...

8.1 CVSS, 8 AI score, 0.8833 EPSS
Exploits: 16, References: 12

Positive Technologies
added 2024/05/23 12:0 a.m., 7 views

PT-2024-6108 · Microsoft +1 · Ntasn1.Dll +3

Name of the Vulnerable Software and Affected Versions: CORSAIR iCUE version 5.9.105 Description: The issue is related to insufficient protection of service data due to the loading of dynamic libraries, including MSASN1.dll, NTASN1.dll, and profapi.dll, in the cuepkg-1.2.6 subdirectory of the...

7.8 CVSS, 6.9 AI score, 0.00438 EPSS
Exploits: 0, References: 4

AlmaLinux
added 2024/05/23 12:0 a.m., 52 views

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

8.1 CVSS, 7.4 AI score, 0.0131 EPSS
Exploits: 0, References: 10

RedHat Linux
added 2024/05/22 10:2 a.m., 36 views

Moderate: Red Hat Security Advisory: motif security update

An update for motif is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

5.5 CVSS, 6.3 AI score, 0.00365 EPSS
Exploits: 0, References: 4

AlmaLinux
added 2024/05/22 12:0 a.m., 45 views

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...

7.3 CVSS, 7.9 AI score, 0.8833 EPSS
Exploits: 16, References: 4

OSV
added 2024/05/17 10:31 p.m., 15 views

GHSA-4RR6-GF59-GGW5 namshi/jose - Verification bypass

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3 AI score
Exploits: 0, References: 4

Github Security Blog
added 2024/05/15 9:47 p.m., 47 views

gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3 AI score
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/05/15 9:47 p.m., 12 views

GHSA-9GXV-X7RP-R2HC gree/jose - "None" Algorithm treated as valid in tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3 AI score
Exploits: 0, References: 4

vulnersOsv
added 2024/05/14 3:32 p.m., 9 views

app.cash.lilbitcoinj:lilbitcoinj-core (>=0.0.2 <=0.0.3), app.cash.lninvoice:ln-invoice (>=0.0.1 <=0.0.6) +1309 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk15to18 (>=1.63 <=1.77)

org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.63, =0.0.2, =0.0.1, =0.2.9, =0.1.0, =0.2.1, =0.2.0, =1.0.0, =1.0.1, =0.2.0, =0.2.0, =1.0.0.RELEASE, =1.0.0, =1.0.0.RELEASE, =2.7.0 and more Source cves: CVE-2024-29857 Source advisory: OSV:GHSA-8XFC-GM6G-VGPV...

7.5 CVSS, 6.6 AI score, 0.011 EPSS
Exploits: 0

vulnersOsv
added 2024/05/14 3:32 p.m., 7 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +6792 more potentially affected by CVE-2024-30172 via org.bouncycastle:bcprov-jdk18on (>=1.73 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.73, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.7.0-alpha01, =1.3.0, =1.3.0, =2025.01.23.182856-596558a, =2025.01.23.182856-596558a, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-30172 Source...

7.5 CVSS, 6.6 AI score, 0.00753 EPSS
Exploits: 0

vulnersOsv
added 2024/05/14 3:32 p.m., 9 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2024-30171 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-30171 Source...

5.9 CVSS, 6.4 AI score, 0.00901 EPSS
Exploits: 0

Tenable Nessus
added 2024/05/13 12:0 a.m., 28 views

Amazon Linux 2023 : python3-bson, python3-pymongo, python3-pymongo-gridfs (ALAS2023-2024-614)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-614 advisory. Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged...

8.1 CVSS, 6.8 AI score, 0.00663 EPSS
Exploits: 0, References: 4

Fedora
added 2024/05/11 2:22 a.m., 24 views

[SECURITY] Fedora 39 Update: stb-0^20240213gitae721c5-6.fc39

Single-file public domain libraries for C/C++...

9.8 CVSS, 9.7 AI score, 0.0141 EPSS
Exploits: 1

Fedora
added 2024/05/11 1:36 a.m., 25 views

[SECURITY] Fedora 38 Update: stb-0^20240213gitae721c5-5.fc38

Single-file public domain libraries for C/C++...

9.8 CVSS, 9.7 AI score, 0.0141 EPSS
Exploits: 1