
9137 matches found

Veracode
added 2024/05/17 1:16 p.m., 11 views

Authentication Bypass

friendsofsymfony/user-bundle is vulnerable to Authentication Bypass. The vulnerability stems from an insecure user refresh implementation that uses the primary key instead of the username, which can result in authentication bypass if users are allowed to change usernames...

7.3 AI score
Exploits 0
Debian CVE
added 2024/05/17 11:51 a.m., 19 views

CVE-2024-27417

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr. It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr returns -EINVAL with an elevated "struct net...

5.5 CVSS, 7.2 AI score, 0.00238 EPSS
Exploits 0
Tenable Nessus
added 2024/05/17 12:0 a.m., 60 views

Microsoft Edge (Chromium) < 124.0.2478.109 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.109. It is, therefore, affected by multiple vulnerabilities as referenced in the May 16, 2024 advisory. - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-30056) - Type Confusion in...

9.6 CVSS, 7.8 AI score, 0.15111 EPSS
Exploits 5, References 11
Fedora
added 2024/05/16 1:9 a.m., 14 views

[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39

DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution pictures. DjVu content downloads faster, displays and renders faster,...

6.5 CVSS, 6.7 AI score, 0.00869 EPSS
Exploits 2
OpenVAS
added 2024/05/16 12:0 a.m., 22 views

Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-05) - Mac OS X

Google Chrome is prone to multiple vulnerabilities...

9.6 CVSS, 8.3 AI score, 0.15111 EPSS
Exploits 5, References 3
OpenVAS
added 2024/05/16 12:0 a.m., 24 views

Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-05) - Linux

Google Chrome is prone to multiple vulnerabilities...

9.6 CVSS, 8.3 AI score, 0.15111 EPSS
Exploits 5, References 3
OpenVAS
added 2024/05/16 12:0 a.m., 23 views

Google Chrome Security Update (stable-channel-update-for-desktop_15-2024-05) - Windows

Google Chrome is prone to multiple vulnerabilities...

9.6 CVSS, 8.3 AI score, 0.15111 EPSS
Exploits 5, References 3
NVD
added 2024/05/15 9:15 p.m., 20 views

CVE-2024-4950

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 8.2 AI score, 0.00912 EPSS
Exploits 1, References 5
Vulnrichment
added 2024/05/15 8:42 p.m., 26 views

CVE-2024-4950

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.6 AI score, 0.00912 EPSS
Exploits 1, References 5
CVE
added 2024/05/15 8:42 p.m., 356 views

CVE-2024-4950

CVE-2024-4950 pertains to Chromium/Google Chrome prior to 125.0.6422.60, where an inappropriate implementation in Downloads could let a remote attacker lure a user into specific UI gestures to spoof UI via a crafted HTML page. Affected products are Chrome/Chromium browsers; the underlying issue i...

6.5 CVSS, 5.5 AI score, 0.00912 EPSS
Exploits 1, References 5, Affected Software 1
OSV
added 2024/05/15 12:0 a.m., 38 views

ALSA-2024:2843 Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19...

6.3 CVSS, 6.4 AI score, 0.01688 EPSS
Exploits 0, References 6
Tenable Nessus
added 2024/05/15 12:0 a.m., 48 views

Google Chrome < 125.0.6422.60 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 125.0.6422.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_05_stable-channel-update-for-desktop_15 advisory. - Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a...

9.6 CVSS, 8.5 AI score, 0.15111 EPSS
Exploits 5, References 9
NVD
added 2024/05/14 3:18 p.m., 7 views

CVE-2024-2257

This vulnerability exists in Digisol Router DG-GR1321 (Hardware version: 3.7L; Firmware version: v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined security standards/policy on the...

9.1 CVSS, 6.4 AI score, 0.01026 EPSS
Exploits 0, References 1
CNNVD
added 2024/05/14 12:0 a.m., 2 views

Digisol Router Security Vulnerability

Digisol Router is a series of routers from Digisol. A security vulnerability exists in Digisol Router that stems from improper implementation of password policies...

9.1 CVSS, 6.9 AI score, 0.01026 EPSS
Exploits 0, References 2
OpenVAS
added 2024/05/14 12:0 a.m., 28 views

openSUSE Security Advisory (openSUSE-SU-2024:0123-1)

The remote host is missing an update for the...

9.8 CVSS, 8 AI score, 0.19883 EPSS
Exploits 26, References 12
Vulnrichment
added 2024/05/13 2:45 p.m., 15 views

CVE-2024-30259 FastDDS heap buffer overflow when publisher sends malformed packet

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, a heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS...

8.2 CVSS, 7.4 AI score, 0.00866 EPSS
Exploits 1, References 3
Cvelist
added 2024/05/13 2:41 p.m., 26 views

CVE-2024-30258 FastDDS crash when publisher sends malformed packet

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DD...

8.2 CVSS, 8.4 AI score, 0.00791 EPSS
Exploits 1, References 3
Debian CVE
added 2024/05/13 2:41 p.m., 13 views

CVE-2024-30258

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed RTPS packet, the subscriber crashes when creating pthread. This can remotely crash any Fast-DD...

8.2 CVSS, 8.2 AI score, 0.00791 EPSS
Exploits 1
Tenable Nessus
added 2024/05/11 12:0 a.m., 38 views

RHEL 9 : go-git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients...

8 AI score, 0.01523 EPSS
Exploits 0, References 2
CVE
added 2024/05/10 3:50 p.m., 117 views

CVE-2024-34360

CVE-2024-34360 affects go-spacemesh (Spacemesh full-node implementation). The issue is that ATXs can reference an incorrect previous ATX instead of the latest, breaking the protocol’s single-chain requirement from newest to oldest ATX by an identity. This can enable an attack vector where nodes m...

8.2 CVSS, 7.9 AI score, 0.00734 EPSS
Exploits 0, References 3