ALSA-2024:1310 Moderate: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3...

Inappropriate Implementation

Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability is due to an implementation error in the V8 engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

Fedora: Security Advisory for beansbinding (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for jaxb-stax-ex (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : chromium (2024-80032b2fed)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-80032b2fed advisory. upstream security release 122.0.6261.111 - High CVE-2024-2173: Out of bounds memory access in V8 - High CVE-2024-2174: Inappropriate implementation ...

Cisco NX-OS Allocation of Resources Without Limits or Throttling (CVE-2024-20321)

A vulnerability in the External Border Gateway Protocol eBGP implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware...

[SECURITY] Fedora 40 Update: naga-3.0-26.20200930git6f1e95d.fc40

Naga aims to be a very small NIO library that provides a handful of java classes to wrap the usual Socket and ServerSocket with asynchronous NIO counterparts similar to NIO2 planned for Java 1.7. All of this is driven from a single thread, making it useful for both client e.g. allowing I/O to be...

[SECURITY] Fedora 40 Update: jaxb-stax-ex-2.1.0-8.fc40

This project contains a few extensions to complement JSR-173 StAX API in the following areas: - Enable parser instance reuse which is important in the high-performance environment like Eclipse Implementation of JAXB and Eclipse Metro - Improve the support for reading from non-text XML infoset, su...

[SECURITY] Fedora 40 Update: java-scrypt-1.4.0-24.fc40

A pure Java implementation of the scrypt key derivation function...

[SECURITY] Fedora 40 Update: jaxb-4.0.4-6.fc40

GlassFish JAXB Reference Implementation...

[SECURITY] Fedora 40 Update: jakarta-el-4.0.0-14.fc40

Jakarta Expression Language provides a specification document, API, reference implementation and TCK that describes an expression language for Java applications. This package contains the implementation...

[SECURITY] Fedora 40 Update: dirgra-0.4-12.fc40

Simple Directed Graph Implementation...

Chromium: CVE-2024-2174 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

CVE-2024-2236 Libgcrypt: vulnerable to marvin attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...