813 matches found
SUSE SLES12 Security Update : docker (SUSE-SU-2024:0587-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0587-1 advisory. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two...
Race Condition
decidim is vulnerable to a Race Condition. The vulnerability is due to the system's inability to handle multiple parallel requests for endorsing a resource, such as a proposal, allowing an attacker to endorse the same resource multiple times...
GHSA-R275-J57C-7MF2 Race condition in Endorsements
Impact: A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds: Disable the Endorsement feature in the components...
Race condition in Endorsements
Impact: A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds: Disable the Endorsement feature in the components...
Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability
Intel(R) oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation (USA). A security vulnerability previously existed in Intel oneAPI DPC++/C++ Compiler software version 2023.2.1, which stems from improper access control in the affected product. It could result in an authenticated user potential...
PT-2024-1790 · Intel · Intel Oneapi Dpc++/C++ Compiler
Name of the Vulnerable Software and Affected Versions: Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2023.2.1; Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1. Description: The issue is related to improper access control in th...
Rhysida Ransomware Cracked, Free Decryption Tool Released
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and...
SUSE CVE-2024-23651
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...
Race Condition
buildkit is vulnerable to a Race Condition. The vulnerability is caused when two malicious build steps are run in parallel, sharing the same cache mounts with subpaths. This issue can be exploited by an attacker to access files on the host filesystem...
CVE-2023-34324
The CVE describes a deadlock in Linux kernel Xen event channel handling when a close operation is performed in parallel with a Xen console action/interrupt in an unprivileged Xen guest. The issue occurs during removal of a paravirtual device or similar event-channel close, with 32-bit Arm guests ...
Joblib: Arbitrary Code Execution
Background: Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation (memoize pattern); 2. easy simple parallel computing. Joblib is optimized to be fast and robust on large data in particular and has specific...
Race Condition (Leaky Vessels)
Overview: Affected versions of this package are vulnerable to Race Condition (Leaky Vessels) in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...
CVE-2023-49957
An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing...
PassBreaker - Command-line Password Cracking Tool Developed In Python
PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: Wordlist-based password cracking; Brute force password cracking; Support for multiple hash...
Default credentials
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...
ZITADEL Competitive conditions loophole
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. ZITADEL versions prior to 2.40.5, 2.38.3 and prior to 2.38.3 suffer from a Competing Conditions Issue vulnerability that...
Debian: Security Advisory (DLA-3643-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Exploit for Uncontrolled Resource Consumption in Ietf Http
HTTP2 Rapid Reset Attack: CVE-2023-44487 Quick exploit to test...
Frontier Security Vulnerabilities
Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ether Dapps. A security vulnerability exists in previous versions of Frontier aea52819, which stems from a vulnerability that allows an attacker to create contracts with a large number of stored values on a parallel...
Conversion Manager 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1
Conversion Manager 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1 Who Should Install This Update? This Conversion Manager virtual appliance update is for customers who use the Conversion Manager feature of Citrix Hypervisor 8.2 CU1. It constitutes the following deliverable: File Name|...