Lucene search

9137 matches found

Gentoo Linux
added 2024/09/22 12:0 a.m., 19 views

pypy, pypy3: Multiple Vulnerabilities

Background: A fast, compliant alternative implementation of the Python language. Description: Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is n...

CVSS 9.8, AI score 7.7, EPSS 0.08235
Exploits 0
RedHat Linux
added 2024/09/19 6:12 p.m., 27 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.5, AI score 6.6, EPSS 0.01762
Exploits 1, References 5
Cvelist
added 2024/09/18 7:12 a.m., 19 views

CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the...

EPSS 0.00238
Exploits 0, References 3
Vulnrichment
added 2024/09/18 7:12 a.m., 18 views

CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the...

AI score 6.7, EPSS 0.00238
Exploits 0, References 3
OSV
added 2024/09/18 7:12 a.m., 12 views

CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the...

CVSS 5.5, AI score 6, EPSS 0.00238
Exploits 0, References 6
FreeBSD
added 2024/09/18 12:0 a.m., 21 views

qt5-webengine -- Multiple vulnerabilities

Backports for 15 security bugs in Chromium: CVE-2024-4761: Out of bounds write in V8 CVE-2024-5158: Type confusion in V8 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7965: Inappropriate implementation in V8 CVE-2024-7967: Heap buffer overflow in Fonts CVE-2024-7971: Type confusion...

CVSS 9.8, AI score 8.4, EPSS 0.19272
Exploits 8, References 1
OpenVAS
added 2024/09/18 12:0 a.m., 12 views

Google Chrome Security Update (stable-channel-update-for-desktop_17-2024-09) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...

CVSS 8.8, AI score 6.5, EPSS 0.00472
Exploits 2, References 1
OSV
added 2024/09/17 9:31 p.m., 10 views

GHSA-QJXF-MC72-WJR2 Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length

Summary Under the default configuration, Devise-Two-Factor versions 1.0.0 or = 4.0.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make ...

CVSS 6, AI score 5.1, EPSS 0.00641
Exploits 0, References 4
OSV
added 2024/09/17 9:15 p.m., 11 views

CVE-2024-8905

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 6.3
Exploits 0, References 2
NVD
added 2024/09/17 9:15 p.m., 17 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, EPSS 0.00313
Exploits 0, References 2
NVD
added 2024/09/17 9:15 p.m., 12 views

CVE-2024-8908

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, EPSS 0.00347
Exploits 0, References 2
Debian CVE
added 2024/09/17 9:7 p.m., 16 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, AI score 7.3, EPSS 0.00313
Exploits 0
Tenable Nessus
added 2024/09/17 12:0 a.m., 52 views

Google Chrome < 129.0.6668.58 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 129.0.6668.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202409stable-channel-update-for-desktop17 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58...

CVSS 8.8, AI score 7, EPSS 0.00472
Exploits 2, References 13
Redos
added 2024/09/17 12:0 a.m., 29 views

ROS-20240917-09

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

CVSS 7.5, AI score 7.8, EPSS 0.99999
Exploits 19
Google Chrome Security Advisories
added 2024/09/17 12:0 a.m., 34 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 129 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 129.0.6668.58 Linux 129.0.6668.58/.59 Windows, Mac contains a number of fixes and improvements -- a list of changes is...

CVSS 8.8, AI score 6.3, EPSS 0.00472
Exploits 3, Affected Software 1
Tenable Nessus
added 2024/09/17 12:0 a.m., 42 views

Google Chrome < 129.0.6668.58 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 129.0.6668.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202409stable-channel-update-for-desktop17 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58...

CVSS 8.8, AI score 7, EPSS 0.00472
Exploits 2, References 13
Tenable Nessus
added 2024/09/14 12:0 a.m., 37 views

CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-29018)

The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29018 advisory. - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, an...

CVSS 7.5, AI score 7, EPSS 0.0075
Exploits 0, References 2
OSV
added 2024/09/13 9:55 p.m., 17 views

GO-2024-3123 Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark

Commitments to private witnesses in Groth16 as implemented break zero-knowledge property in github.com/consensys/gnark...

CVSS 5.9, AI score 5.6, EPSS 0.00427
Exploits 0, References 3
OpenVAS
added 2024/09/12 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2414)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5, AI score 6.2, EPSS 0.00443
Exploits 0, References 2
Tenable Nessus
added 2024/09/10 12:0 a.m., 34 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

CVSS 9.8, AI score 8.4, EPSS 0.3763
Exploits 13, References 119