Lucene search

9138 matches found

AlmaLinux
added 2023/11/15 12:0 a.m. | 42 views

Moderate: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14...

CVSS 9.8 | AI score 7 | EPSS 0.12512
Exploits 0 | References 6
RedHat Linux
added 2023/11/14 3:32 p.m. | 29 views

Moderate: Red Hat Security Advisory: xorg-x11-server security and bug fix update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8 | AI score 7.1 | EPSS 0.0044
Exploits 0 | References 4
OSV
added 2023/11/14 3:14 p.m. | 12 views

OPENSUSE-SU-2023:0368-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 119.0.6045.123 boo1216978 CVE-2023-5996: Use after free in WebAudio Chromium 119.0.6045.105 boo1216783 CVE-2023-5480: Inappropriate implementation in Payments CVE-2023-5482: Insufficient data validation in USB CVE-2023-5849: Integer...

CVSS 8.8 | AI score 9.5 | EPSS 0.07094
Exploits 0 | References 17
Zero Day Initiative
added 2023/11/14 12:0 a.m. | 21 views

Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

CVSS 3.3 | AI score 6.9 | EPSS 0.00394
Exploits 0 | References 1
Zero Day Initiative
added 2023/11/14 12:0 a.m. | 17 views

Apple macOS Hydra Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the Hydr...

CVSS 3.3 | AI score 6.9 | EPSS 0.00394
Exploits 0 | References 1
Zero Day Initiative
added 2023/11/14 12:0 a.m. | 24 views

Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

CVSS 3.3 | AI score 6.9 | EPSS 0.00394
Exploits 0 | References 1
OSV
added 2023/11/14 12:0 a.m. | 25 views

ALSA-2023:7166 Low: tpm2-tss security and enhancement update

The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module TPM 2.0 System API library. This library enables programs to interact with TPM 2.0 devices Security Fixes: tpm2-tss: Buffer Overflow in TSS2RCDecode CVE-2023-22745 For more details about the security issues,...

CVSS 6.4 | AI score 6.8 | EPSS 0.00519
Exploits 1 | References 4
AlmaLinux
added 2023/11/14 12:0 a.m. | 34 views

Low: tpm2-tss security and enhancement update

The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module TPM 2.0 System API library. This library enables programs to interact with TPM 2.0 devices Security Fixes: tpm2-tss: Buffer Overflow in TSS2RCDecode CVE-2023-22745 For more details about the security issues,...

CVSS 6.4 | AI score 6.9 | EPSS 0.00519
Exploits 1 | References 4
CVE
added 2023/11/10 3:52 a.m. | 120 views

CVE-2023-45167

CVE-2023-45167 affects IBM AIX 7.3 (Python implementation) and VIOS 4.1. A non-privileged local user could cause a denial of service via the Python component, with the root cause tied to the AIX Python stack. IBM’s advisory notes a fix is available (python3.9.base fileset, version 3.9.18.0) and p...

CVSS 6.2 | AI score 5.7 | EPSS 0.00252
Exploits 0 | References 3 | Affected Software 2
Code423n4
added 2023/11/10 12:0 a.m. | 7 views

The function _initProposalImpl should have access control checks to restrict who can initialize or change the implementation.

Lines of code Vulnerability details M4 - The function initProposalImpl should have access control checks to restrict who can initialize or change the implementation. poc: solidity function initProposalImplIProposalExecutionEngine impl, bytes memory initData internal onlyAuthorized Assessed type...

AI score 7.1
Exploits 0
Github Security Blog
added 2023/11/09 6:34 p.m. | 38 views

AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

CVSS 5.9 | AI score 7.2 | EPSS 0.00586
Exploits 0 | References 11 | Affected Software 1
RedHat Linux
added 2023/11/08 10:36 a.m. | 52 views

Important: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.8 | AI score 6.6 | EPSS 0.0062
Exploits 0 | References 2
The Hacker News
added 2023/11/08 9:18 a.m. | 38 views

Webinar: Kickstarting Your SaaS Security Strategy & Program

SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization's SaaS app stack a...

AI score 7
Exploits 0
Debian CVE
added 2023/11/07 7:14 p.m. | 49 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

CVSS 7.5 | AI score 6.7 | EPSS 0.01151
Exploits 0
Cvelist
added 2023/11/07 7:1 p.m. | 20 views

CVE-2023-5309 Broken Session Management in Puppet Enterprise

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations...

CVSS 6.8 | AI score 9.6 | EPSS 0.00496
Exploits 0 | References 1
Filippo.io
added 2023/11/07 6:37 p.m. | 32 views

Enough Polynomials and Linear Algebra to Implement Kyber

I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...

AI score 6.9
Exploits 0
Tenable Nessus
added 2023/11/07 12:0 a.m. | 34 views

Rocky Linux 9 : kernel (RLSA-2023:0334)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0334 advisory. - A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of...

CVSS 7.8 | AI score 7.2 | EPSS 0.21314
Exploits 1 | References 13
Tenable Nessus
added 2023/11/07 12:0 a.m. | 25 views

Fedora 39 : chromium (2023-c890266d3f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c890266d3f advisory. update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 ---- Update to 117.0.5938.92. ---- update to 117.0.5938.88 --...

CVSS 8.8 | AI score 7.9 | EPSS 0.99739
Exploits 12 | References 15
OSV
added 2023/11/07 12:0 a.m. | 18 views

ALSA-2023:6685 Low: tpm2-tss security and enhancement update

The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module TPM 2.0 System API library. This library enables programs to interact with TPM 2.0 devices Security Fixes: tpm2-tss: Buffer Overflow in TSS2RCDecode CVE-2023-22745 For more details about the security issues,...

CVSS 6.4 | AI score 6.8 | EPSS 0.00519
Exploits 1 | References 4
Tenable Nessus
added 2023/11/06 12:0 a.m. | 33 views

Rocky Linux 9 : kernel-rt (RLSA-2023:0300)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0300 advisory. - A race condition was found in the Linux kernel's watch queue due to a missing lock in piperesizering. The specific flaw exists within the handling of...

CVSS 7.8 | AI score 7.2 | EPSS 0.21314
Exploits 1 | References 13