9137 matches found

Cvelist
added 2024/05/03 2:11 a.m. | 25 views

CVE-2023-41183 NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 9 | EPSS 0.15333
Exploits: 0 | References: 2

CVE
added 2024/05/03 2:11 a.m. | 48 views

CVE-2023-40501

Summary: CVE-2023-40501 affects LG Simple Editor. The flaw is in the implementation of the copyContent command, caused by an exposed dangerous function, allowing remote attackers to execute code in the SYSTEM context with no authentication over the network. Multiple connected sources (ZDI advisor...

CVSS 9.8 | AI score 9.9 | EPSS 0.01483
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/05/03 2:11 a.m. | 20 views

CVE-2023-40474 GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

CVSS 8.8 | AI score 9 | EPSS 0.01871
Exploits: 0 | References: 2

Cvelist
added 2024/05/03 1:58 a.m. | 23 views

CVE-2023-38096 NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability

NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this...

CVSS 9.8 | AI score 9.9 | EPSS 0.83009
Exploits: 1 | References: 2

CVE
added 2024/05/03 1:58 a.m. | 72 views

CVE-2023-38096

CVE-2023-38096 affects NETGEAR ProSAFE Network Management System. The flaw resides in the MyHandlerInterceptor authentication mechanism, representing an improper implementation that allows remote attackers to bypass authentication (no user interaction required). Impact is high on confidentiality,...

CVSS 9.8 | AI score 9.7 | EPSS 0.83009
Exploits: 1 | References: 2 | Affected Software: 1

Fedora
added 2024/05/03 1:37 a.m. | 23 views

[SECURITY] Fedora 38 Update: matrix-synapse-1.105.1-1.fc38

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

CVSS 6.5 | AI score 6.4 | EPSS 0.01463
Exploits: 0

Redos
added 2024/05/03 12:0 a.m. | 45 views

ROS-20240503-02

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

CVSS 7.5 | AI score 8.1 | EPSS 0.99999
Exploits: 19

Vulnrichment
added 2024/05/01 10:45 a.m. | 26 views

CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00761
Exploits: 0 | References: 3

Cvelist
added 2024/05/01 10:45 a.m. | 50 views

CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00761
Exploits: 0 | References: 3

Akamai Blog
added 2024/04/30 10:0 a.m. | 14 views

5 Steps to Make Zero Trust Achievable

...

AI score 7.3
Exploits: 0

RedHat Linux
added 2024/04/30 9:52 a.m. | 4 views

edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message

A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerabili...

CVSS 6.5 | AI score 5.7 | EPSS 0.00937
Exploits: 1 | References: 6

OSV
added 2024/04/30 12:0 a.m. | 36 views

ALSA-2024:2528 Low: mingw-glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GVariant offset table...

CVSS 7.5 | AI score 6.7 | EPSS 0.00774
Exploits: 0 | References: 10

Tenable Nessus
added 2024/04/29 12:0 a.m. | 24 views

Fedora 40 : rust-asyncgit / rust-bat / rust-cargo-c / rust-eza / etc (2024-53685bdcb6)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-53685bdcb6 advisory. - Update the git2 crate to version 0.18.2. - Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an...

CVSS 9.8 | AI score 7.8 | EPSS 0.01546
Exploits: 0 | References: 3

Tenable Nessus
added 2024/04/29 12:0 a.m. | 31 views

Fedora 40 : chromium (2024-5dacab5f00)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5dacab5f00 advisory. upstream security release 122.0.6261.111 - High CVE-2024-2173: Out of bounds memory access in V8 - High CVE-2024-2174: Inappropriate implementation ...

CVSS 8.8 | AI score 8.3 | EPSS 0.13556
Exploits: 3 | References: 4

Tenable Nessus
added 2024/04/29 12:0 a.m. | 28 views

Fedora 40 : chromium (2024-4d2d73ab31)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4d2d73ab31 advisory. update to 123.0.6312.122 High CVE-2024-3157: Out of bounds write in Compositing High CVE-2024-3516: Heap buffer overflow in ANGLE High CVE-2024-3515...

CVSS 9.6 | AI score 8.4 | EPSS 0.01599
Exploits: 3 | References: 7

Tenable Nessus
added 2024/04/28 12:0 a.m. | 31 views

Fedora 38 : chromium (2024-2c9be9d949)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2c9be9d949 advisory. update to 124.0.6367.78 Critical CVE-2024-4058: Type Confusion in ANGLE High CVE-2024-4059: Out of bounds read in V8 API High CVE-2024-4060: Use aft...

CVSS 9.8 | AI score 7.1 | EPSS 0.14958
Exploits: 11 | References: 16

OSV
added 2024/04/27 12:37 a.m. | 12 views

MGASA-2024-0150 Updated chromium-browser-stable packages fix security vulnerabilities

The chromium-browser-stable package has been updated to the 124.0.6367.60 release. It includes 23 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromiu...

CVSS 9.8 | AI score 8.3 | EPSS 0.14958
Exploits: 13 | References: 4

Cvelist
added 2024/04/26 6:4 p.m. | 29 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4 | AI score 7 | EPSS 0.00514
Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/26 12:0 a.m. | 93 views

CentOS 9 : openssl-3.0.7-25.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-25.el9 build changelog. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are...

CVSS 7.5 | AI score 6.7 | EPSS 0.05533
Exploits: 0 | References: 6

Tenable Nessus
added 2024/04/26 12:0 a.m. | 33 views

Fedora 39 : chromium (2024-decb7e94a1)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-decb7e94a1 advisory. update to 124.0.6367.78 Critical CVE-2024-4058: Type Confusion in ANGLE High CVE-2024-4059: Out of bounds read in V8 API High CVE-2024-4060: Use aft...

CVSS 9.8 | AI score 7.1 | EPSS 0.14958
Exploits: 11 | References: 16