Medium: golang
Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip...
Fedora 39 : chromium (2024-dd14eefb0e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 High CVE-2024-6100: Type Confusion in V8 High CVE-2024-6101: Inappropriate implementation in WebAssembly High CVE-2024-6102...
MGASA-2024-0230 Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 126.0.6478.61 release. It includes 21 security fixes. Some of them are: High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24 High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuz...
DEBIAN-CVE-2024-6101
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2022-48721
In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by userspace...
CVE-2024-6101
CVE-2024-6101 affects Google Chrome components (V8/WebAssembly) with an out-of-bounds memory access vulnerability caused by an inappropriate implementation. According to multiple sources, including Chromium blog updates and Debian security advisories, the issue was fixed in Chrome 126.0.6478.114 ...
CVE-2024-6101
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2024-38553
In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b "eth: sungem: remove .ndo_poll_controller to avoid deadlocks". The root cause of the...
GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
Stable Channel Update for Desktop
The Stable channel has been updated to 126.0.6478.114/115 for Windows, Mac and 126.0.6478.114 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 344608204 High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee @0x10n participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 343748812 High CVE-2024-6101: Inappropriate implementation in WebAssembly...
CVE-2024-37158 Evmos is missing precompile checks
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...
OPENSUSE-SU-2024:12107-1 testng-7.4.0-2.1 on GA media
These are all security issues fixed in the testng-7.4.0-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-21988
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation...
CVE-2024-21988
CVE-2024-21988 affects NetApp StorageGRID (formerly StorageGRID Webscale). Versions prior to 11.7.0.9 and 11.8.0.5 are vulnerable due to a flaw in the SSH cryptographic implementation that enables disclosure of sensitive information in complex Man‑in‑the‑Middle attacks. The root cause is tied to ...
CVE-2024-35328
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-34113
Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...
CVE-2024-34113 ColdFusion | Weak Cryptography for Passwords (CWE-261)
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the...
Chromium: CVE-2024-5843 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...