9137 matches found

OSV · added 2024/10/28 7:44 p.m. · 13 views

GHSA-V9XQ-2MVM-X8XC Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs

Impact: IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local API endpoints even without possessing the private key for signing proof tokens. Note that this only...

CVSS 3.1 · AI score 3.9 · EPSS 0.0032
Exploits 0 · References 4
Positive Technologies · added 2024/10/26 12:00 a.m. · 3 views

PT-2024-10797 · Unknown · Html2Markdown

Name of the Vulnerable Software and Affected Versions: HTML2Markdown, all available versions. Description: The issue concerns a Regular Expression Denial of Service (ReDoS) in the HTML2Markdown JavaScript implementation, which is used for converting HTML to Markdown text. No known patches ar...

CVSS 8.7 · AI score 6.7 · EPSS 0.00389
Exploits 0 · References 5
OSV · added 2024/10/25 5:16 p.m. · 27 views

RLSA-2024:7851 Important: .NET 6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35...

CVSS 7.5 · AI score 7.6 · EPSS 0.03034
Exploits 0 · References 4
NVD · added 2024/10/25 1:15 p.m. · 14 views

CVE-2024-10381

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. Successful...

CVSS 9.8 · EPSS 0.00835
Exploits 0 · References 1
CVE · added 2024/10/25 12:36 p.m. · 48 views

CVE-2024-10381

CVE-2024-10381 affects Matrix Door Controller Cosec Vega FAXQ, where the web-based management interface has an improper session-management implementation. A remote attacker can send specially crafted HTTP requests to the vulnerable device, potentially gaining unauthorized access and full control....

CVSS 9.8 · AI score 9.4 · EPSS 0.00835
Exploits 0 · References 1 · Affected Software 1
RedHat Linux · added 2024/10/24 11:54 a.m. · 5 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A buffer overflow flaw was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker on the adjacent network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

CVSS 8.8 · AI score 6 · EPSS 0.01213
Exploits 1 · References 6
Microsoft CVE · added 2024/10/24 7:00 a.m. · 20 views

Chromium: CVE-2024-10229 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.1 · AI score 6.5 · EPSS 0.00511
Exploits 0
Kaspersky · added 2024/10/24 12:00 a.m. · 23 views

KLA74613 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 can be exploited to cause denial of service. 2. Inappropriate implementation...

CVSS 8.8 · AI score 8.7 · EPSS 0.00628
Exploits 0 · References 5
NVD · added 2024/10/23 10:15 p.m. · 19 views

CVE-2024-40431

A lack of input validation in the Realtek SD card reader driver before 10.0.26100.21374, through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver, allows an attacker to write to predictable kernel memory locations, even as a low-privileged user...

CVSS 8.8 · EPSS 0.01269
Exploits 1 · References 1
SUSE CVE · added 2024/10/23 1:24 p.m. · 1 view

SUSE CVE-2024-46951

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution...

CVSS 7.8 · AI score 7.9 · EPSS 0.00356
Exploits 0 · References 8
NVD · added 2024/10/23 2:15 a.m. · 23 views

CVE-2024-9927

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of the allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop...

CVSS 7.2 · EPSS 0.00453
Exploits 0 · References 2
RedhatCVE · added 2024/10/22 11:08 a.m. · 9 views

CVE-2024-50034

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC. Eric reports a panic on IPPROTO_SMC, and gives the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel NULL pointer dereference at...

CVSS 5.5 · AI score 7 · EPSS 0.002
Exploits 0 · References 4
Veracode · added 2024/10/22 7:25 a.m. · 4 views

Improper Expiration Of OTP Codes

org.keycloak:keycloak-core is vulnerable to Improper Expiration of OTP Codes. The vulnerability is due to the improper handling of OTP expiration in the FreeOTP implementation, where expired OTP codes remain usable for an additional 30 seconds, allowing them to be valid for a total of 1 minute...

AI score 6.9
Exploits 0
Fedora · added 2024/10/19 1:54 a.m. · 15 views

[SECURITY] Fedora 40 Update: rust-tonic-0.12.3-1.fc40

A gRPC over HTTP/2 implementation focused on high performance, interoperability, and flexibility...

AI score 7.3
Exploits 0
Fedora · added 2024/10/19 1:20 a.m. · 16 views

[SECURITY] Fedora 39 Update: rust-tonic-build-0.12.3-1.fc39

Codegen module of tonic gRPC implementation...

CVSS 6.9 · AI score 7.3 · EPSS 0.00597
Exploits 0
Fedora · added 2024/10/19 1:20 a.m. · 35 views

[SECURITY] Fedora 39 Update: rust-tonic-0.12.3-1.fc39

A gRPC over HTTP/2 implementation focused on high performance, interoperability, and flexibility...

CVSS 6.9 · AI score 7.3 · EPSS 0.00597
Exploits 0
Tenable Nessus · added 2024/10/19 12:00 a.m. · 21 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2024:0337-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0337-1 advisory. Chromium 130.0.6723.58 (boo#1231694): CVE-2024-9954: Use after free in AI; CVE-2024-9955: Use after free in Web Authentication; CVE-2024-9956:...

CVSS 8.8 · AI score 6.5 · EPSS 0.06295
Exploits 3 · References 28
Tenable Nessus · added 2024/10/19 12:00 a.m. · 23 views

Fedora 39 : chromium (2024-c0b1d26de3)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c0b1d26de3 advisory. Update to 130.0.6723.58. High: CVE-2024-9954: Use after free in AI; Medium: CVE-2024-9955: Use after free in Web Authentication; Medium: CVE-2024-9956:...

CVSS 8.8 · AI score 6.5 · EPSS 0.06295
Exploits 3 · References 14
OpenVAS · added 2024/10/19 12:00 a.m. · 19 views

openSUSE Security Advisory (openSUSE-SU-2024:0337-1)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 8.8 · AI score 7.3 · EPSS 0.06295
Exploits 3 · References 3
Microsoft CVE · added 2024/10/17 7:00 a.m. · 133 views

Chromium: CVE-2024-9964 Inappropriate implementation in Payments

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3 · AI score 6.9 · EPSS 0.00257
Exploits 0