
5312 matches found

Positive Technologies
added 2024/09/03 12:0 a.m. · 5 views

PT-2024-31724

Name of the Vulnerable Software and Affected Versions: Yubico YubiKey 5 Series devices with firmware before 5.7.0; YubiHSM 2 devices with firmware before 2.4.0. Description: The issue allows an ECDSA secret-key extraction attack that requires physical access and expensive equipment. This attack is...

CVSS 4.2 · AI score 5.3 · EPSS 0.00329
Exploits 0 · References 19

AlmaLinux
added 2024/09/03 12:0 a.m. · 20 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783). For more details about the...

CVSS 5.9 · AI score 6.9 · EPSS 0.00661
Exploits 0 · References 4

Tenable Nessus
added 2024/09/03 12:0 a.m. · 28 views

EulerOS Virtualization 2.12.1 : systemd (EulerOS-SA-2024-2318)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cau...

CVSS 7.5 · AI score 6.9 · EPSS 0.99995
Exploits 1 · References 3

Packet Storm
added 2024/08/31 12:0 a.m. · 203 views

WebNMS Framework Server Credential Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...

CVSS 9.8 · AI score 7 · EPSS 0.97364
Exploits 12

OSV
added 2024/08/21 3:29 p.m. · 10 views

GO-2022-0839 Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform

Use of a Broken or Risky Cryptographic Algorithm in Terraform in github.com/hashicorp/terraform...

CVSS 7.5 · AI score 7.4 · EPSS 0.00998
Exploits 0 · References 5

OSV
added 2024/08/21 2:30 p.m. · 11 views

GO-2022-0306 Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy in github.com/foxcpp/maddy

Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy in github.com/foxcpp/maddy...

CVSS 7.5 · AI score 7.5 · EPSS 0.00723
Exploits 0 · References 4

Tenable Nessus
added 2024/08/20 12:0 a.m. · 29 views

EulerOS 2.0 SP12 : systemd (EulerOS-SA-2024-2228)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

CVSS 7.5 · AI score 6.9 · EPSS 0.99995
Exploits 1 · References 3

Cvelist
added 2024/08/19 7:6 p.m. · 33 views

CVE-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

EPSS 0.02303
Exploits 1 · References 10

Vulnrichment
added 2024/08/13 6:17 p.m. · 38 views

CVE-2024-7593

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel...

CVSS 9.8 · AI score 7.4 · EPSS 0.99987
Exploits 4 · References 1

The Hacker News
added 2024/08/09 5:41 a.m. · 40 views

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...

CVSS 10 · AI score 8.6 · EPSS 0.80767
Exploits 3

CVE
added 2024/08/02 12:0 a.m. · 34 views

CVE-2024-38883

Summary (CVE-2024-38883): Horizon Business Services Inc. Caterease v16.0.1.1663–v24.0.1.2405 (and possibly later) may be vulnerable to a remote, network-based attack due to negotiating with a less-secure encryption algorithm, enabling a Drop Encryption Level attack. The issue is described across ...

CVSS 9.1 · AI score 7.1 · EPSS 0.0041
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2024/08/02 12:0 a.m. · 4 views

PT-2024-28254 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405. Description: The issue allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation...

CVSS 9.1 · AI score 7 · EPSS 0.0041
Exploits 0 · References 6

OSV
added 2024/08/01 9:31 p.m. · 11 views

GHSA-HRMX-8JJV-G758 Navidrome uses MD5 hashing algorithm

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information...

CVSS 6.9 · AI score 9.2 · EPSS 0.00428
Exploits 0 · References 4

OSV
added 2024/08/01 8:15 a.m. · 2 views

CVE-2024-28972

Dell InsightIQ, Version 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure...

CVSS 7.5 · AI score 5.8 · EPSS 0.00278
Exploits 0 · References 1

CVE
added 2024/08/01 7:55 a.m. · 51 views

CVE-2024-28972

Dell InsightIQ 5.0.0 is affected by a use of a broken or risky cryptographic algorithm that could be exploited by an unauthenticated remote attacker to cause information disclosure. The vulnerability is documented across multiple sources indicating affected versions include 5.0.0 and prior to 5.0...

CVSS 7.5 · AI score 6.9 · EPSS 0.00278
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/08/01 12:0 a.m. · 4 views

PT-2024-29336 · Navidrome · Navidrome

Name of the Vulnerable Software and Affected Versions: Navidrome version 0.52.3. Description: The issue concerns the use of an insecure hashing algorithm, specifically MD5, in the Gravatar service of Navidrome. This allows attackers to manipulate a user's account information. Recommendations: For...

CVSS 9.1 · AI score 6 · EPSS 0.00428
Exploits 0 · References 10

RedhatCVE
added 2024/07/31 9:13 a.m. · 21 views

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers. Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 5.5 · AI score 6.9 · EPSS 0.00274
Exploits 0 · References 4

OSV
added 2024/07/29 3:15 p.m. · 1 views

DEBIAN-CVE-2024-41056

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files. Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size...

CVSS 5.5 · AI score 5.6 · EPSS 0.00244
Exploits 0 · References 1

OSV
added 2024/07/29 3:15 p.m. · 4 views

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers. Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00274
Exploits 0 · References 1

NVD
added 2024/07/29 3:15 p.m. · 26 views

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers. Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVSS 5.5 · EPSS 0.00274
Exploits 0 · References 5