9137 matches found

BDU FSTEC (added 2024/12/19 12:00 a.m., 6 views)

A vulnerability in the client-side and server-side implementations of the SSHv2 protocol in asyncssh (Python) allows attackers to carry out "man-in-the-middle" attacks.

The vulnerability in the client-side and server-side implementations of the SSHv2 protocol in asyncssh (Python) lies in the ability to bypass authentication using a user-controlled key. Exploiting this vulnerability allows a remote attacker to perform "man-in-the-middle" attacks...

CVSS 7.1 | AI score 6.6 | EPSS 0.00867 | Exploits 0 | References 12 | Affected software 5

OSV (added 2024/12/18 3:51 p.m., 5 views)

GHSA-2FF4-XFPR-M32R `Slip10Like` derivation method instantiated with certain curves may allow an attacker to find a derivation path which results in a very long derivation (possible DoS)

Impact: Only users of hdwallet::Slip10Like or the slip10 derivation method instantiated with curves other than secp256k1 and secp256r1 are affected. The hdwallet crate used to provide the Slip10Like derivation method, which is also provided in the slip-10 crate as the default derivation method. It's based o...

AI score 7.2 | Exploits 0 | References 3

ICS (added 2024/12/17 7:00 a.m., 9 views)

Rockwell Automation PowerMonitor 1000 Remote

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform a factory reset, execute arbitrary code, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures...

AI score 8.6 | Exploits 0 | References 10

Spring Security Advisories (added 2024/12/17 12:00 a.m., 7 views)

This Week in Spring - December 17th, 2024

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! It's the 17th of December, 2024! And you know what that means? The end of the year is nearly upon us! I can't believe it. It's been a very long year indeed, but I'm happy to get on board a...

AI score 7.2 | Exploits 0

IBM Security Bulletins (added 2024/12/16 9:28 p.m., 28 views)

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary: IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details: CVEID: CVE-2024-45085. DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

CVSS 7.5 | AI score 6.8 | EPSS 0.00568 | Exploits 0 | Affected software 1

OSV (added 2024/12/16 2:06 p.m., 14 views)

BIT-NODE-MIN-2020-8252

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size, which can result in a buffer overflow if the resolved path is longer than 256 bytes...

CVSS 7.8 | AI score 7.9 | EPSS 0.00714 | Exploits 0 | References 9

OSV (added 2024/12/13 1:23 p.m., 6 views)

CGA-P35F-QV46-7JWR

Bulletin has no description...

CVSS 9.1 | AI score 9.2 | EPSS 0.03092 | Exploits 2

Fedora (added 2024/12/13 1:37 a.m., 27 views)

[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-3.fc40

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

CVSS 9.1 | AI score 7.2 | EPSS 0.00701 | Exploits 0

OSV (added 2024/12/12 7:23 p.m., 10 views)

CVE-2024-55885 Beego Vulnerable to Collision Hazards of MD5 in Cache Key Filenames

beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...

CVSS 6.9 | AI score 7.4 | EPSS 0.00335 | Exploits 0 | References 4

RedhatCVE (added 2024/12/12 5:55 p.m., 6 views)

CVE-2024-12455

A flaw was found in Fedora 41's glibc implementation of getrandom for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom fails to produce...

CVSS 6.3 | AI score 6.8 | Exploits 0 | References 3

OSV (added 2024/12/12 12:15 p.m., 3 views)

CVE-2024-54097

Security vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity...

CVSS 7.5 | AI score 5.8 | EPSS 0.00322 | Exploits 0 | References 1

NVD (added 2024/12/12 12:15 p.m., 18 views)

CVE-2024-54097

Security vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity...

CVSS 7.5 | EPSS 0.00322 | Exploits 0 | References 1

CVE (added 2024/12/12 11:11 a.m., 67 views)

CVE-2024-54097

Technical details about CVE-2024-54097 are not publicly available in the provided connected documents; no specific affected products, versions, root cause, or fixes are disclosed here. Monitor for official disclosures and updates.

CVSS 7.5 | AI score 7.2 | EPSS 0.00322 | Exploits 0 | References 1 | Affected software 2

Amazon (added 2024/12/12 12:00 a.m., 8 views)

Important: ghostscript

Issue Overview: PS interpreter - check the type of the Pattern Implementation.
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
NOTE:...

CVSS 8.4 | AI score 7.4 | EPSS 0.00388 | Exploits 0

Ubuntu (added 2024/12/10 7:52 p.m., 34 views)

USN-7148-1: Linux kernel vulnerabilities

Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.4 | AI score 7 | EPSS 0.004 | Exploits 1

OSV (added 2024/12/05 7:05 p.m., 7 views)

GHSA-GW5W-5J7F-JMJJ Unsound usages of `std::slice::from_raw_parts`

The library breaks the safety assumptions when using the unsafe API `std::slice::from_raw_parts`. First, when using the API in the iterator implementation TempFdArrayIterator.next, the generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...

AI score 7.5 | Exploits 0 | References 3

Cvelist (added 2024/12/05 3:24 p.m., 37 views)

CVE-2024-53856 rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...

CVSS 7.5 | EPSS 0.00439 | Exploits 0 | References 1

Vulnrichment (added 2024/12/05 3:24 p.m., 9 views)

CVE-2024-53856 rPGP Panics on Malformed Untrusted Input

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...

CVSS 7.5 | AI score 6.5 | EPSS 0.00439 | Exploits 0 | References 1

CVE (added 2024/12/05 3:24 p.m., 66 views)

CVE-2024-53856

CVE-2024-53856 affects the rPGP library (Rust OpenPGP) where, prior to version 0.14.1, crafted data can trigger panics/crashes in rpgp (e.g., during parsing OpenPGP messages, decrypting, parsing keys, or signing). This can lead to a denial-of-service through program termination. The issue is fixe...

CVSS 7.5 | AI score 7.3 | EPSS 0.00439 | Exploits 0 | References 1

Debian CVE (added 2024/12/05 3:22 p.m., 14 views)

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

CVSS 7.5 | AI score 5.3 | EPSS 0.00439 | Exploits 0