
9137 matches found

Cvelist
added 2024/05/10 3:50 p.m., 41 views

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

CVSS 8.2, AI score 8.2, EPSS 0.00734
Exploits: 0, References: 3

OSV
added 2024/05/10 3:50 p.m., 25 views

CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...

CVSS 8.2, AI score 7.6, EPSS 0.00734
Exploits: 0, References: 5

Rockylinux
added 2024/05/10 2:32 p.m., 21 views

.NET 7.0 bugfix update

An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the .N...

AI score 7
Exploits: 0

Vulnrichment
added 2024/05/10 1:26 p.m., 15 views

CVE-2024-2257 Password Policy Bypass Vulnerability in Digisol Router

This vulnerability exists in Digisol Router DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02 due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the...

AI score 6.8, EPSS 0.01026
Exploits: 0, References: 1

Veracode
added 2024/05/08 7:33 a.m., 21 views

Sensitive Information Disclosure

org.eclipse.edc: data-plane-http-oauth2-core is vulnerable to Sensitive Information Disclosure. The vulnerability arises from a misconfiguration in the OAuth2-protected data sink feature, where the consumer-provided clientSecretKey is resolved in the context of the provider's vault instead of the...

CVSS 6.8, AI score 7.1, EPSS 0.00411
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2024/05/08 1:1 a.m., 10 views

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVSS 7.8, AI score 6.9, EPSS 0.00161
Exploits: 0, References: 1

IBM Security Bulletins
added 2024/05/06 7:8 p.m., 39 views

Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)

Summary Vulnerability in the AIX kernel may lead to privilege escalation CVE-2024-27273. Vulnerability Details CVEID:CVE-2024-27273 DESCRIPTION: IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation an...

CVSS 8.1, AI score 8.2, EPSS 0.00146
Exploits: 0, Affected Software: 2

Rockylinux
added 2024/05/06 1:4 p.m., 11 views

.NET 7.0 bugfix update

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the .N...

AI score 7
Exploits: 0

Tenable Nessus
added 2024/05/06 12:0 a.m., 37 views

Oracle Linux 9 : runc (ELSA-2024-2180)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2180 advisory. 4:1.1.12-2 - Switch dependency on criu to Recommends - Resolves: RHEL-25116 Tenable has extracted the preceding description block directly from the...

CVSS 7.5, AI score 7.2, EPSS 0.01618
Exploits: 0, References: 5

Tenable Nessus
added 2024/05/06 12:0 a.m., 33 views

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-2272)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2272 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...

CVSS 9.8, AI score 7.2, EPSS 0.04561
Exploits: 0, References: 3

Hacker One
added 2024/05/03 8:23 p.m., 2 views

Rootstock Labs: Crafted smart contract can take 1.5 minutes to execute due to inefficient CODESIZE implementation

The crafted smart contract can take 1.5 minutes to execute due to an inefficient implementation of the CODESIZE operation in the VM. The issue was caused by the VM.doCODESIZE method, which retrieved the entire code array instead of just the code length. This behavior could be exploited to transfe...

AI score 7.5
Exploits: 0

OSV
added 2024/05/03 1:15 p.m., 4 views

CVE-2024-2410

The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...

CVSS 9.8, AI score 6.9
Exploits: 0, References: 1

Pen Test Partners Blog
added 2024/05/03 5:12 a.m., 61 views

Vulnerabilities that (mostly) aren’t: LUCKY13

TL;DR LUCKY13 is more an attack than a vulnerability LUCKY13 was patched over a decade ago … so it’s really unlikely that your server is vulnerable now Its an implementation issue Disabling CBC ciphers is still a good idea … but not because of susceptibility to LUCKY13 There is no material risk i...

CVSS 2.6, AI score 7.4, EPSS 0.35584
Exploits: 1

NVD
added 2024/05/03 3:15 a.m., 15 views

CVE-2023-41183

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, AI score 8.9, EPSS 0.15333
Exploits: 0, References: 2

NVD
added 2024/05/03 2:15 a.m., 13 views

CVE-2023-38091

Kofax Power PDF response Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

CVSS 7.8, AI score 8, EPSS 0.00352
Exploits: 0, References: 1

Cvelist
added 2024/05/03 2:13 a.m., 26 views

CVE-2023-44420 D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this...

CVSS 8.8, AI score 9, EPSS 0.00901
Exploits: 0, References: 1

CVE
added 2024/05/03 2:13 a.m., 63 views

CVE-2023-44420

CVE-2023-44420 affects D-Link DIR-X3260 routers via prog.cgi, where an incorrect implementation of the authentication algorithm allows network-adjacent attackers to bypass authentication. The flaw is tied to the prog.cgi executable, enabling full device access without credentials. Reported by ZDI...

CVSS 8.8, AI score 8.8, EPSS 0.00901
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/05/03 2:13 a.m., 72 views

CVE-2023-42121

CVE-2023-42121 concerns Control Web Panel (CWP) missing authentication in its web interface, enabling remote code execution with no privileges required. The flaw results from a lack of authentication before accessing functionality, allowing an attacker to execute code in the context of a valid CW...

CVSS 9.8, AI score 9.8, EPSS 0.01469
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/05/03 2:12 a.m., 21 views

CVE-2023-42074 PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability

PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

CVSS 7.8, AI score 8.2, EPSS 0.00406
Exploits: 0, References: 2

Cvelist
added 2024/05/03 2:11 a.m., 23 views

CVE-2023-41186 D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 6.5, AI score 6.5, EPSS 0.00682
Exploits: 0, References: 2