CVE-2024-23684 upokecenter CBOR Denial of Service

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

Fedora: Security Advisory for libssh (FEDORA-2023-55800423a8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2024-0639

A denial of service vulnerability due to a deadlock was found in sctpautoasconfinit in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...

openSUSE 15 Security Update : perl-Spreadsheet-ParseXLSX (openSUSE-SU-2024:0021-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0021-1 advisory. - The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs...

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token...

CVE-2024-0555 Cross-Site Request Forgery (CSRF) vulnerability on WIC1200

A Cross-Site Request Forgery CSRF vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token...

CVE-2024-0555 Cross-Site Request Forgery (CSRF) vulnerability on WIC1200

A Cross-Site Request Forgery CSRF vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token...

OPENSUSE-SU-2024:0020-1 Security update for chromium

This update for chromium fixes the following issues: - Chromium 120.0.6099.216 boo1217839, boo1218048, boo1218302, boo1218533, boo1218719 CVE-2024-0333: Insufficient data validation in Extensions CVE-2024-0222: Use after free in ANGLE CVE-2024-0223: Heap buffer overflow in ANGLE CVE-2024-0224: Us...

EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2023-3095)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...

EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2906)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...

Security Bulletin: A vulnerability in NSS may affect IBM Robotic Process Automation for Cloud Pak and result in a remote attacker obtaining sensitive information (CVE-2023-4421).

Summary NSS is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2023-4421. Vulnerability Details CVEID:CVE-2023-4421 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote authenticated attacker to obtain sensitive...

CVE-2023-49569

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

Design/Logic Flaw

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

CVE-2023-49568

A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...

CVE-2023-49569

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

Path traversal

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...