Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from a mal-implementation issue found in the V8 module. No details of the vulnerability are provided at this time...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from an improper implementation issue found in the PicturePicture module. No details of the vulnerability are provided at this time...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from a mal-implementation issue found in the V8 module. No details of the vulnerability are provided at this time...

dotnet8.0 security update

An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1903)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

UBUNTU-CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SBINLINECRYPT flag in defaultoptions In f2fsremount, SBINLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...

USN-6895-1: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...

Google Android Authentication Bypass Vulnerability (CNVD-2024-33528)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authentication bypass vulnerability that stems from an incorrect protocol implementation in the smpprocrand method of the smpact.cc file, which can be exploited by an attacker to potentially...

Important: Red Hat Security Advisory: dotnet8.0 security update

An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

[SECURITY] Fedora 40 Update: jpegxl-0.8.3-1.fc40

This package contains a reference implementation of JPEG XL encoder and decoder...

CVE-2024-34722

In smpprocrand of smpact.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message

A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerabili...

Moderate: Red Hat Security Advisory: tpm2-tss security update

An update for tpm2-tss is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2024-39476

The CVE-2024-39476 entry describes a Linux kernel md/raid5 deadlock scenario affecting raid5d where a deadlock can occur when MD_SB_CHANGE_PENDING is not cleared promptly. Root cause, as stated, is a dependency chain: md_check_recovery() from raid5d() must hold reconfig_mutex to clear MD_SB_CHANG...

CVE-2023-52340

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c maxsize threshold that can be consumed easily, e.g., leading to a denial of service network is unreachable errors when IPv6 packets are sent in a loop via a raw socket...

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and earlier, contains a vulnerability described as Use of a Cryptographic Primitive with a Risky Implementation. The CVE-2024-37137 entry indicates a local privileged attacker could potentially obtain privileged information due to this insecure cryptographic usage....

CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure...

XAES-256-GCM

About a year ago I wrote that “I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing.” Well, there is now an XAES-256-GCM specification. Had to give up on the /11 part, but that was just a performance optimization. XAES-256-GCM is an...

RUSTSEC-2024-0345 Low severity (DoS) vulnerability in sequoia-openpgp

There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop. Many thanks to Andrew Gallagher for disclosing the issue to us. Impact Any software directly or indirect...