CentOS 9 : openssl-3.0.7-25.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-25.el9 build changelog. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are...

GHSA-346H-749J-R28W PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

CVE-2024-1726

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...

CVE-2024-0874

CVE-2024-0874 affects CoreDNS. Root cause: improper CD bit handling leads to cache entries being incorrectly stored, causing invalid cache entries to be served. Impact: potential cache-related misbehavior; CVSS shows MEDIUM with network access. Remediation: upgrade CoreDNS to a patched version (e...

coredns 安全漏洞

CoreDNS is a DNS server for the CoreDNS community. A security vulnerability exists in coredns that stems from an incorrect cache implementation; this issue could result in invalid cache entries being returned...

Fedora 39 : chromium (2024-12edb9dec8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-12edb9dec8 advisory. update to 124.0.6367.60 High CVE-2024-3832: Object corruption in V8 High CVE-2024-3833: Object corruption in WebAssembly High CVE-2024-3914: Use aft...

FreeBSD : chromium -- multiple security fixes (9bed230f-ffc8-11ee-8e76-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9bed230f-ffc8-11ee-8e76-a8a1599412c6 advisory. - Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to...

Fedora 38 : chromium (2024-5d8f4f86b0)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d8f4f86b0 advisory. update to 124.0.6367.60 High CVE-2024-3832: Object corruption in V8 High CVE-2024-3833: Object corruption in WebAssembly High CVE-2024-3914: Use aft...

Debian dsa-5668 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5668 advisory. - Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Chromium: CVE-2024-3846 Inappropriate implementation in Prompts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-3845 Inappropriate implementation in Network

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2024-3838 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium) < 124.0.2478.51 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 18, 2024 advisory. - Microsoft Edge for Android Chromium-based Information Disclosure Vulnerability CVE-2024-29986 -...

KLA65692 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...

CVE-2024-26823

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their GIC...

CVE-2024-3846

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3838

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...