
11216 matches found

AlmaLinux
added 2024/01/15 12:0 a.m., 62 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 5.3, AI score 7.2, EPSS 0.00161
Exploits 1, References 4

OSV
added 2024/01/12 3:13 p.m., 11 views

GHSA-CHCR-X7HC-8FP8 Devise-Two-Factor vulnerable to brute force attacks

Advisory withdrawn: the backing CVE has been rejected. Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the inherent entropy limitations of the Time-based One Time Password (TOTP) algorithm, it's possible for an attacker to bypass the 2F...

CVSS 5, AI score 8.3
Exploits 0, References 4

Github Security Blog
added 2024/01/12 3:13 p.m., 38 views

Devise-Two-Factor vulnerable to brute force attacks

Advisory withdrawn: the backing CVE has been rejected. Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the inherent entropy limitations of the Time-based One Time Password (TOTP) algorithm, it's possible for an attacker to bypass the 2F...

AI score 8.4
Exploits 0, References 4, Affected Software 1

OSV
added 2024/01/12 11:6 a.m., 2 views

OESA-2024-1045 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The programmer has complete control of the client. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3, AI score 7.4, EPSS 0.00363
Exploits 0, References 3

BDU FSTEC
added 2024/01/12 12:0 a.m., 1 view

The vulnerability of the Nearby Share function in Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the Nearby Share function in Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability can allow remote attackers to perform spoofing attacks...

CVSS 7.8, AI score 7, EPSS 0.00345
Exploits 0, References 3

BDU FSTEC
added 2024/01/12 12:0 a.m., 1 view

The vulnerability of the HTML platform for Windows operating systems, which allows a hacker to bypass security restrictions

The vulnerability of the HTML platform for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...

CVSS 7.5, AI score 7.5, EPSS 0.03082
Exploits 0, References 3

BDU FSTEC
added 2024/01/12 12:0 a.m., 1 view

The vulnerability in the implementation of the Kerberos protocol for Windows operating systems allows a perpetrator to circumvent security restrictions.

The vulnerability of the Kerberos protocol for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions remotely...

CVSS 9, AI score 7.8, EPSS 0.16049
Exploits 1, References 3

BDU FSTEC
added 2024/01/12 12:0 a.m., 2 views

The vulnerability of the Online Certificate Status Protocol (OCSP) implementation in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Online Certificate Status Protocol (OCSP) implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 7.1, AI score 7.3, EPSS 0.00416
Exploits 0, References 3

BDU FSTEC
added 2024/01/12 12:0 a.m., 1 view

The vulnerability of the Archive Utility component in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Archive Utility component in macOS operating systems is related to data processing errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 5.5, AI score 5.5, EPSS 0.00029
Exploits 0, References 6, Affected Software 1

RubySec
added 2024/01/11 9:0 p.m., 14 views

Devise-Two-Factor vulnerable to brute force attacks

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the inherent entropy limitations of the Time-based One Time Password (TOTP) algorithm, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. Impact: If a...

AI score 7.7
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2024/01/11 12:0 a.m., 4 views

PT-2024-15397 · Unknown · Devise-Two-Factor

Name of the Vulnerable Software and Affected Versions: Devise-Two-Factor (affected versions not specified). Description: The issue concerns Devise-Two-Factor not throttling or restricting login attempts at the server by default. When combined with the Time-based One Time Password (TOTP) algorithm's...

CVSS 5, AI score 7.3
Exploits 0, References 10

BDU FSTEC
added 2024/01/10 12:0 a.m., 1 view

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages, related to errors in processing input data, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code by having the user open a specially crafted malicious file...

CVSS 7.8, AI score 7.9, EPSS 0.00392
Exploits 0, References 4

OSV
added 2024/01/10 12:0 a.m., 33 views

ALSA-2024:0121 Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward unparseable query...

CVSS 7.5, AI score 7.2, EPSS 0.00122
Exploits 1, References 20

AlmaLinux
added 2024/01/10 12:0 a.m., 47 views

Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward unparseable query...

CVSS 7.5, AI score 7.3, EPSS 0.00122
Exploits 1, References 20

Positive Technologies
added 2024/01/10 12:0 a.m., 6 views

PT-2024-40976 · Microsoft · Ms Windows

Name of the Vulnerable Software and Affected Versions: hawk2 versions prior to 2.6.4+git.1702030539.5fb7d91b. Description: The issue concerns the hawk2 software, where several problems have been fixed, including the setting of the HttpOnly secure flag by default and the protection against CSRF in...

AI score 7.5
Exploits 0, References 10

Positive Technologies
added 2024/01/09 12:0 a.m., 2 views

PT-2024-1024 · Microsoft · Ocsp +1

Name of the Vulnerable Software and Affected Versions: Microsoft Online Certificate Status Protocol (OCSP) (affected versions not specified). Description: The issue is related to the implementation of the Online Certificate Status Protocol (OCSP) in Windows operating systems, specifically concerning...

CVSS 7.1, AI score 9.6, EPSS 0.00416
Exploits 0, References 8

Positive Technologies
added 2024/01/09 12:0 a.m., 2 views

PT-2024-1247 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to synchronization errors when using a shared resource in the Windows Hyper-V hardware virtualization system. This can be exploited by a remote attacker to...

CVSS 7.5, AI score 9.5, EPSS 0.00856
Exploits 0, References 22

OpenVAS
added 2024/01/09 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for grpc (EulerOS-SA-2024-1083)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 7.6, EPSS 0.00124
Exploits 0, References 2

Prion
added 2024/01/05 5:15 p.m., 37 views

Design/Logic Flaw

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

CVSS 1.7, AI score 5.5, EPSS 0.00327
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2024/01/05 12:0 a.m., 1 view

The vulnerability in the web interface of the SINEC INS network infrastructure management software allows a perpetrator to escalate their privileges.

The vulnerability in the web interface of the SINEC INS network infrastructure management software is related to errors in the certificate validation process. Exploiting this vulnerability could allow a remote attacker to escalate their privileges by intercepting requests sent to the UMC...

CVSS 10, AI score 7.7, EPSS 0.00078
Exploits 0, References 3