Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a buffer overflow due to the use of HASHALGOLAST in the imaeventdigestinitcommon function in the ima...

GitLab 12.6 < 17.4.5 / 17.5 < 17.5.3 / 17.6 < 17.6.1 (CVE-2024-8237)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Inefficient Algorithmic Complexity in GitLab CVE-2024-8237 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

GitLab 13.2.4 < 17.4.5 / 17.5 < 17.5.3 / 17.6 < 17.6.1 (CVE-2024-11828)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Inefficient Algorithmic Complexity in GitLab CVE-2024-11828 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

K000148495: libssh vulnerability CVE-2023-1667

Security Advisory Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. CVE-2023-1667 Impact This vulnerability may allow an authenticated client to cause a denial-of-service...

Tornado has an HTTP cookie parsing DoS vulnerability

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. See...

GHSA-M52V-24P8-654F SurrealDB has an Uncaught Exception Sorting Tables by Random Order

Sorting table records using an ORDER BY clause with the rand function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81. Impact A client that is authorized to run...

CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

CVE-2024-52804

The CVE-2024-52804 issue affects Tornado prior to 6.4.2, where the HTTP cookie parsing algorithm can exhibit quadratic complexity, causing high CPU usage in the event loop and potential DoS. The documented fix is upgrading to Tornado 6.4.2. Connected advisories also reference mitigation in packag...

F5 Networks BIG-IP : libssh vulnerability (K000148495)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000148495 advisory. A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud has a security vulnerability that stems from an MD5 hash being used to check the uniqueness of background jobs. This increases the likelihood tha...

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

Password Reset Attack

yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

Progress Telerik Report Server 信任管理问题漏洞

Progress Telerik Report Server is an enterprise-class report management and distribution solution from Progress, Inc. A trust management issue vulnerability exists in versions of Progress Telerik Report Server prior to 2024 Q4, which stems from an older algorithm used to encrypt local asset data,...

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

ROS-20241112-08

A vulnerability in the Raft Consensus Algorithm of the Raft data distribution algorithm of the Integrated storage Raft storage of HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...

CVE-2024-9999

CVE-2024-9999 affects Progress WS_FTP Server prior to version 8.8.9 (2022.0.9). The root cause is an incorrect implementation of the authentication algorithm in the Web Transfer Module, allowing bypass of the second-factor verification and login with username and password only. Impact described i...

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WSFTP Server versions before 8.8.9 2022.0.9, an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062)

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 KB5044062 Notice We have re-released the Exchange Server 2019 and 2016 November 12, 2024, security update SU to address the issue where Exchange Server stops processing Exchange Transport Rules ETR a...