CVE-2024-54129 Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part SSP...

rPGP 安全漏洞

rPGP is a pure Rust implementation of OpenPGP open sourced by rPGP. A security vulnerability exists in rPGP versions prior to 0.14.1. An attacker exploiting this vulnerability could cause resource exhaustion by providing specially crafted messages...

rPGP 安全漏洞

rPGP is a pure Rust implementation of OpenPGP open sourced by rPGP. A security vulnerability exists in rPGP versions prior to 0.14.1. An attacker exploiting this vulnerability could trigger an rpgp crash by supplying specially crafted data...

CVE-2024-53137 ARM: fix cacheflush with PAN

In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault...

kernel: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

A security vulnerability has been identified in the TCP networking implementation of the Linux kernel. Specifically, the dctcpupdatealpha function is susceptible to a shift-out-of-bounds condition. This flaw could potentially be exploited to cause unexpected behavior or a denial-of-service...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the cacheflush system call after the PAN implementation in the ARM architecture, which results...

Cisco NX-OS Improper Input Validation (CVE-2012-4097)

The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service BGP service reset via a malformed UPDATE message, aka Bug ID CSCtn13043. This plugin only works with Tenable.ot. Please visit...

The Role of Salesforce Implementation in Digital Transformation

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…...

CVE-2024-54131

CVE-2024-54131 (Kolide Agent / launcher, Windows): An implementation bug introduced in 1.5.3, where launcher started storing upgraded binaries in ProgramData and inherited looser root permissions, combined with an omitted SystemDrive env var when launcher starts osqueryd, enables local attackers ...

Kolide Agent 安全漏洞

Kolide Agent Kolide Launcher is a Kolide open source lightweight agent designed to work with Kolide's services. A security vulnerability exists in Kolide Agent that stems from the inclusion of an implementation error that could lead to elevation of privilege...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53984

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

OT-based ECDSA Protocol Implementation Flaws

github.com/taurusgroup/multi-party-sig is vulnerable to OT-based ECDSA protocol implementation flaws. The vulnerability is due to improper handling of Oblivious Transfer OT operations, allowing an attacker to exploit weaknesses in the OT implementation to compromise private keys or forge digital...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google USA. Google Pixel suffers from a security vulnerability that stems from the fact that an incorrect implementation may lead to the generation of weak RSA key pairs, resulting in a cryptographic vulnerability...

quic-go 数据伪造问题漏洞

quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A data forgery issue vulnerability exists in versions of quic-go prior to v0.48.1, which stems from the mishandling of ICMP Packet Too Large messages, and could allow an out-of-path...

PT-2024-35882 · Ringcentral · Ringcentral Communications

Name of the Vulnerable Software and Affected Versions: RingCentral Communications versions n/a through 1.6.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a...

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...

[SECURITY] Fedora 40 Update: rust-zlib-rs-0.4.0-1.fc40

A memory-safe zlib implementation written in rust...

[SECURITY] Fedora 41 Update: rust-zlib-rs-0.4.0-1.fc41

A memory-safe zlib implementation written in rust...