LSN-0097-1: Kernel Live Patch Security Notice
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-3090...
SUSE CVE-2023-40575
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashe...
CVE-2023-41051
In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory Rust crate provides a set of traits to decouple VM memory consumers from VM memor...
PT-2023-27763 · Vm-Memory +1
Name of the Vulnerable Software and Affected Versions: vm-memory versions 0.1.0 through 0.12.1. Description: An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows...
CVE-2023-41034 DDFFileParser in eclipse leshan is vulnerable to XXE Attacks
Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser and DefaultDDFFileValidator (and so ObjectLoader) are vulnerable to XXE Attacks. A DDF file is an LWM2M format used to store LWM2M object description. Leshan users are impacted only if the...
RLSA-2023:4058 Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 SDK 7.0.109, Runtime 7.0.9. BZ2219633 Security Fixes: dotnet: race...
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of...
CVE-2023-41037
OpenPGP.js vulnerability (CVE-2023-41037) in Cleartext Signed Messages: versions up to 5.9.0 ignore data before the Hash: header, enabling text insertion that appears signed. Impact arises if an app verifies only verificationResult.verified and visually trusts the message; otherwise, verified dat...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
Ubuntu: Security Advisory (USN-6312-1)
The remote host is missing an update for the...
CVE-2023-34758
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses...
Input validation
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses...
CVE-2023-34758
CVE-2023-34758 affects Sliver versions 1.5.x up to 1.5.39. The issue is an improper cryptographic implementation that enables a man-in-the-middle attack when an attacker can intercept and craft responses. Public reports (Red Hat, OSV, CN, and GitHub advisories) describe the vulnerability as a cry...
The vulnerability of the generateKeys() function in the Node.js software platform allows a hacker to circumvent existing security restrictions.
The vulnerability of the generateKeys() API function in the Node.js software platform is related to discrepancies between implementation and documented design. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
CVE-2019-13689
Affected software: Google Chrome on ChromeOS. The CVE-2019-13689 issue stems from an inappropriate OS implementation that allows a remote attacker with local access and user interaction to perform arbitrary read/write via a malicious file. Impact is high (confidentiality, integrity, availability)...
CVE-2019-13689
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. Chromium security severity: Critical...
CVE-2019-13690
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-306)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-306 advisory. Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications tha...
Design/Logic Flaw
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...