Lucene search

1057 matches found

F5 Networks
added 2024/12/19 11:3 p.m., 24 views

K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669

Security Advisory Description CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a...

CVSS 6.5, AI score 7.3, EPSS 0.08949
Exploits: 1

Amazon
added 2024/12/19 12:0 a.m., 1 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs CVE-2023-52913 In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets CVE-2024-26718 In the Linux kernel, the following...

CVSS 7.8, AI score 7.1, EPSS 0.0002
Exploits: 0

OSSF Malicious Packages
added 2024/11/26 3:10 a.m., 4 views

Malicious code in crypt-research (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 488cc5e5910fdc7c554f6c3b87979d4abe9cd560a718f367505c58d4ffec25d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 3

OSV
added 2024/11/26 3:10 a.m., 3 views

MAL-2024-10957 Malicious code in crypt-research (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 488cc5e5910fdc7c554f6c3b87979d4abe9cd560a718f367505c58d4ffec25d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 3

OSV
added 2024/10/28 1:15 p.m., 2 views

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVSS 3.3, AI score 5.8, EPSS 0.00088
Exploits: 0, References: 1

CNNVD
added 2024/10/28 12:0 a.m., 1 views

MongoDB mongocryptd and MongoDB Mongo_crypt_v1.so security vulnerability

MongoDB mongocryptd and MongoDB Mongo_crypt_v1.so are both products of MongoDB, Inc. of the U.S.A. MongoDB mongocryptd is a client-side encryption library. MongoDB Mongo_crypt_v1.so is an auto-encryption shared library used to perform encryption and decryption operations. A security vulnerability exis...

CVSS 3.3, AI score 6.4, EPSS 0.00088
Exploits: 0, References: 1

vulnersOsv
added 2024/10/24 12:0 p.m., 1 views

crypt_guard (>=0.1.4 <=1.3.6), crypt_guard_kyber (>=0.1.1 <=0.1.2) +14 more potentially affected by unknown CVE via pqcrypto-kyber (>=0.1.2 <=0.8.1)

pqcrypto-kyber CARGO version =0.1.2, =0.1.4, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.7.0-alpha1, =0.1.2, =0.1.0, =0.23.0, =0.35.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0381...

AI score 5.8
Exploits: 0

Redos
added 2024/10/22 12:0 a.m., 37 views

ROS-20241021-09

A vulnerability in the ntfs3 component of the Linux operating system kernel is related to read errors outside the bounds in the ntfs_list_ea function in fs/ntfs3/xattr.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the qedr component of...

CVSS 7.8, AI score 8.2, EPSS 0.00049
Exploits: 0

The Hacker News
added 2024/10/19 7:39 a.m., 24 views

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such ...

AI score 6.9
Exploits: 0

Securelist
added 2024/10/18 10:0 a.m., 32 views

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group's activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, b...

AI score 7.3
Exploits: 0

SUSE CVE
added 2024/08/18 2:1 a.m., 3 views

SUSE CVE-2024-43859

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8...

CVSS 5.5, AI score 7.5, EPSS 0.00024
Exploits: 0, References: 3

OSV
added 2024/08/17 10:15 a.m., 2 views

UBUNTU-CVE-2024-43859

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8...

CVSS 5.5, AI score 6.5, EPSS 0.00024
Exploits: 0, References: 11

Rosalinux
added 2024/07/31 9:7 a.m., 18 views

Advisory ROSA-SA-2024-2458

Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29 CVE-ID: CVE-2022-43995 BDU-ID: 2022-06664 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the implementation of the crypt function of the Sudo system administration program is related to the ability to read outside of...

CVSS 7.1, AI score 6.7, EPSS 0.00095
Exploits: 0

SUSE CVE
added 2024/07/17 3:32 a.m., 1 views

SUSE CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...

CVSS 5.5, AI score 6.7, EPSS 0.00014
Exploits: 0, References: 3

OSV
added 2024/07/12 1:15 p.m., 0 views

UBUNTU-CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...

CVSS 5.5, AI score 6.2, EPSS 0.00014
Exploits: 0, References: 22

CNNVD
added 2024/07/12 12:0 a.m., 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the f2fs file system to properly handle the SB_INLINECRYPT flag during remounts...

CVSS 5.5, AI score 8.2, EPSS 0.00014
Exploits: 0, References: 8

OSSF Malicious Packages
added 2024/06/25 1:40 p.m., 4 views

Malicious code in pythoncryptlibaryv2 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0, References: 3

Vulnrichment
added 2024/06/13 9:4 a.m., 116 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVSS 9.8, AI score 7.4, EPSS 0.94171
Exploits: 26, References: 2

Amazon
added 2024/05/30 12:0 a.m., 2 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives CVE-2023-52504 A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs HugeTLB pages functionality. This issu...

CVSS 7.8, AI score 5.9, EPSS 0.00346
Exploits: 2

Veracode
added 2024/05/17 1:38 p.m., 14 views

Weak Encryption

fuel/core is vulnerable to Weak Encryption. The vulnerability is due to the usage of the Crypt encryption algorithm, which potentially allows an attacker with sufficient knowledge, code, and GPU calculation power to break and potentially compromise the security of encrypted data...

AI score 7.1
Exploits: 0