Lucene search

9137 matches found

Vulnrichment
added 2024/03/05 6:54 p.m. | 12 views

CVE-2024-2005 SAML implementation allows privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

CVSS 9 | AI score 7.1 | EPSS 0.00453
Exploits 0 | References 1

Cvelist
added 2024/03/05 6:54 p.m. | 16 views

CVE-2024-2005 SAML implementation allows privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

CVSS 9 | AI score 9.4 | EPSS 0.00453
Exploits 0 | References 1

RedHat Linux
added 2024/03/05 12:37 a.m. | 2 views

edk2: Buffer overflow in the DHCPv6 client via a long Server ID option

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

CVSS 8.8 | AI score 6.3 | EPSS 0.01213
Exploits 1 | References 6

CNNVD
added 2024/03/05 12:0 a.m. | 5 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions prior to Google Chrome 122.0.6261.111, which stems from an improper implementation in V8...

CVSS 8.8 | AI score 8.6 | EPSS 0.12558
Exploits 1 | References 6

Tenable Nessus
added 2024/03/05 12:0 a.m. | 61 views

Google Chrome < 122.0.6261.111 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 122.0.6261.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 202403stable-channel-update-for-desktop advisory. - Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a...

CVSS 8.8 | AI score 8.3 | EPSS 0.13556
Exploits 3 | References 7

FreeBSD
added 2024/03/05 12:0 a.m. | 34 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 325893559 High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19 325866363 High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be...

CVSS 8.8 | AI score 7.7 | EPSS 0.13556
Exploits 3 | References 1

OSV
added 2024/03/05 12:0 a.m. | 32 views

ALSA-2024:1130 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795); openssh: potential...

CVSS 6.5 | AI score 7.3 | EPSS 0.93305
Exploits 11 | References 6

OpenVAS
added 2024/03/04 12:0 a.m. | 32 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.6 | AI score 7.8 | EPSS 0.24738
Exploits 1 | References 4

OpenVAS
added 2024/03/04 12:0 a.m. | 30 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0300-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.3 | EPSS 0.0126
Exploits 0 | References 2

OpenVAS
added 2024/03/04 12:0 a.m. | 31 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10005-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.6 | AI score 7.5 | EPSS 0.00862
Exploits 3 | References 2

OpenVAS
added 2024/03/04 12:0 a.m. | 25 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.7 | EPSS 0.32724
Exploits 4 | References 4

OpenVAS
added 2024/03/04 12:0 a.m. | 26 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0216-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.24116
Exploits 0 | References 2

Schneier on Security
added 2024/03/01 12:8 p.m. | 17 views

NIST Cybersecurity Framework 2.0

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...

AI score 7.3
Exploits 0

CNVD
added 2024/03/01 12:0 a.m. | 22 views

Google Chrome Security Bypass Vulnerability (CNVD-2024-16936)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome that stems from an improper implementation of the Content Security Policy module. An attacker can exploit this vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 6.8 | EPSS 0.00881
Exploits 1 | References 1

IBM Security Bulletins
added 2024/02/29 4:7 p.m. | 35 views

Security Bulletin: This Power System update is being released to address CVE-2021-3505

Summary A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...

CVSS 5.5 | AI score 5.2 | EPSS 0.00404
Exploits 1 | Affected Software 3

OSV
added 2024/02/27 2:36 a.m. | 9 views

USN-6660-1 openjdk-lts vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

CVSS 7.4 | AI score 7.1 | EPSS 0.01026
Exploits 0 | References 7

Ubuntu
added 2024/02/27 2:36 a.m. | 361 views

USN-6660-1: OpenJDK 11 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

CVSS 7.4 | AI score 7.2 | EPSS 0.01026
Exploits 0

Ubuntu
added 2024/02/27 2:12 a.m. | 55 views

USN-6662-1: OpenJDK 21 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

CVSS 7.4 | AI score 7.2 | EPSS 0.00911
Exploits 0

Tenable Nessus
added 2024/02/27 12:0 a.m. | 24 views

Fedora 39 : perl-Spreadsheet-ParseXLSX (2024-5f136f5d10)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5f136f5d10 advisory. Update to latest version Security fix for CVE-2024-22368 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 5.5 | AI score 5.8 | EPSS 0.00468
Exploits 1 | References 2

Tenable Nessus
added 2024/02/27 12:0 a.m. | 14 views

Fedora 38 : perl-Spreadsheet-ParseXLSX (2024-fa14bfd3b5)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fa14bfd3b5 advisory. Update to latest version Security fix for CVE-2024-22368 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 5.5 | AI score 5.8 | EPSS 0.00468
Exploits 1 | References 2