5312 matches found
CVE-2024-33662
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
Synology DiskStation Manager Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-27652)
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-46848
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell. Running the ltp test cve-2015-3290 concurrently reports the following warnings: perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174...
CVE-2024-46848 perf/x86/intel: Limit the period on Haswell
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell. Running the ltp test cve-2015-3290 concurrently reports the following warnings: perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174...
CVE-2024-46848
CVE-2024-46848 affects the Linux kernel perf/x86/intel Haswell frequency-estimation path. The issue stems from a too-short initial period (1) triggering HW errata HSW11/HSW143; fixes enforce a minimum period (128 for INST_RETIRED.ALL and 32 for other counters) and adjust the frequency-estimation ...
openSUSE Security Advisory (SUSE-SU-2024:3427-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE Security Advisory (SUSE-SU-2024:3418-1)
The remote host is missing an update for the...
CVE-2024-22892
OpenSlides 4.0.15 is affected by a vulnerability due to using a weak hashing algorithm for password storage. The CVE-2024-22892 entry, with a CVSS v3.1 base score of 7.5 (HIGH), indicates network attack potential with low complexity and no privileges required. The issue targets the password hashi...
SUSE: Security Advisory (SUSE-SU-2024:3411-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2024:3418-1)
The remote host is missing an update for the...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
A vulnerability was found in the Linux kernel in the cs_dsp firmware involving the V2 algorithm headers and the wmfw V2 format, which introduced variable-length strings into the algorithm block header. This means the overall header length is variable and without proper checks can result in an...
The vulnerability of the Mbed TLS software lies in the use of a faulty or risky cryptographic algorithm, which allows attackers to compromise the protected information.
The vulnerability of the Mbed TLS software is related to the use of a faulty or risky cryptographic algorithm. Exploiting this vulnerability can allow attackers to disclose protected information...
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards...
ROS-20240918-15
A vulnerability in the Mbed TLS software is related to the use of a faulty or risky cryptographic algorithm. Exploitation of the vulnerability could allow an intruder to disclose protected information...
CVE-2024-20406
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient...
CGA-RM26-RMF3-QJQC
Bulletin has no description...
CVE-2024-39583
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...