nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

CVE-2024-48353

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information...

CVE-2024-48353

CVE-2024-48353 affects Yealink Meeting Server prior to v26.0.0.67. The issue arises from static key information being obtainable from a front‑end JavaScript file, enabling an attacker to decrypt plaintext passwords using the exposed key data. The vulnerability is described across multiple sources...

Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2623)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2657)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the SCKU Dome software lies in the use of a weak encryption algorithm, which allows attackers to decrypt user passwords.

The vulnerability of the SCKU Dome software is related to the use of a weak encryption algorithm. Allowing unauthorized users to decrypt user passwords...

CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

SUSE CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

AZL-50767 CVE-2024-50047 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

AZL-50936 CVE-2024-50047 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

DEBIAN-CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

UBUNTU-CVE-2024-50047

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2024-50047 smb: client: fix UAF in async decryption

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2024-50047 smb: client: fix UAF in async decryption

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2024-50047 smb: client: fix UAF in async decryption

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2024-50047

CVE-2024-50047 is a Linux kernel issue affecting the SMB client’s async crypto path. When performing async decryption for large reads, a use-after-free in the cryptography API can occur, crashing due to a freed AEAD request while the hardware crypto offload is still processing. The Astra Linux ad...

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a crash due to post-release reuse when the smb client performs asynchronous decryption...