
9174 matches found

Tenable Nessus
added 2023/05/30 12:0 a.m. | 38 views

Google Chrome < 114.0.5735.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 114.0.5735.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Out of bounds write in Swiftshader. CVE-2023-2929 - Use after free in...

CVSS 8.8 | AI score 7.1 | EPSS 0.23855
Exploits 2 | References 27
OpenVAS
added 2023/05/30 12:0 a.m. | 18 views

Fedora: Security Advisory for libssh (FEDORA-2023-5fa5ca2043)

The remote host is missing an update for the...

CVSS 6.5 | AI score 8 | EPSS 0.01314
Exploits 2 | References 2
FreeBSD
added 2023/05/30 12:0 a.m. | 37 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...

CVSS 8.8 | AI score 7.5 | EPSS 0.23855
Exploits 2 | References 1
NVD
added 2023/05/27 4:15 a.m. | 31 views

CVE-2023-33192

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...

CVSS 7.5 | AI score 7.5 | EPSS 0.00708
Exploits 0 | References 2
Prion
added 2023/05/27 4:15 a.m. | 20 views

Design/Logic Flaw

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...

CVSS 5 | AI score 7.5 | EPSS 0.00708
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/05/27 3:53 a.m. | 8 views

CVE-2023-33192 Improper handling of NTS cookie length that could crash the ntpd-rs server

ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...

CVSS 7.5 | AI score 6.7 | EPSS 0.00708
Exploits 0 | References 2
Fedora
added 2023/05/27 1:26 a.m. | 11 views

[SECURITY] Fedora 37 Update: rust-sequoia-wot-0.5.0-2.fc37

An implementation of OpenPGP's web of trust...

AI score 7.1
Exploits 0
Fedora
added 2023/05/27 1:26 a.m. | 18 views

[SECURITY] Fedora 37 Update: rust-sequoia-sop-0.28.0-2.fc37

An implementation of the Stateless OpenPGP Interface using Sequoia...

AI score 7.1
Exploits 0
OSV
added 2023/05/26 5:15 p.m. | 10 views

CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

CVSS 6.8 | AI score 6.8
Exploits 0 | References 5
Code423n4
added 2023/05/26 12:0 a.m. | 11 views

Current design won't allow to update reference implementation without breaking counterfactuality

Lines of code Vulnerability details Current design won't allow to update reference implementation without breaking counterfactuality The current design of the Ambire wallet doesn't allow to update the reference implementation as doing so will break counterfactuality. Impact Ambire wallets are...

AI score 6.7
Exploits 0
Rockylinux
added 2023/05/25 7:53 p.m. | 16 views

.NET 7.0 bugfix update

An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

AI score 6.7
Exploits 0
OSV
added 2023/05/25 1:58 p.m. | 5 views

SUSE-SU-2023:2304-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing bsc1209096. Non-security fixes: - Fixed transactional...

CVSS 7.5 | AI score 6.3 | EPSS 0.0183
Exploits 0 | References 11
OSV
added 2023/05/24 3:32 p.m. | 29 views

GO-2023-1765 Leaked shared secret and weak blinding in github.com/cloudflare/circl

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

CVSS 8.2 | AI score 6.2 | EPSS 0.00386
Exploits 0 | References 2
SUSE CVE
added 2023/05/23 2:54 a.m. | 1 views

SUSE CVE-2023-31147

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

CVSS 5.9 | AI score 6.9 | EPSS 0.00905
Exploits 0 | References 22
Code423n4
added 2023/05/22 12:0 a.m. | 9 views

Delegate uses incorrect parameter for the token amount

Lines of code Vulnerability details Delegate uses incorrect parameter for the token amount The delegate implementation uses the incorrect "amount" parameter from the JBDidPayData struct that is sent to the didPay function. Impact The implementation of the pay function in the terminal builds the...

AI score 6.8
Exploits 0
Positive Technologies
added 2023/05/22 12:0 a.m. | 7 views

PT-2023-23180

Name of the Vulnerable Software and Affected Versions c-ares versions prior to 1.19.1 Description The issue arises when /dev/urandom or RtlGenRandom are unavailable, and c-ares uses rand to generate random numbers for DNS query ids. This approach is not a Cryptographically Secure PseudoRandom...

CVSS 8.6 | AI score 5.4 | EPSS 0.03906
Exploits 3 | References 97
OpenVAS
added 2023/05/19 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-6092-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 6.9 | EPSS 0.00635
Exploits 0 | References 2
Rockylinux
added 2023/05/18 7:18 p.m. | 17 views

.NET 6.0 bugfix update

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

AI score 6.8
Exploits 0
OSV
added 2023/05/18 5:28 p.m. | 12 views

GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...

CVSS 7.5 | AI score 7.4 | EPSS 0.01101
Exploits 0 | References 5
Tenable Nessus
added 2023/05/18 12:0 a.m. | 43 views

Debian DSA-5404-1 : chromium - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5404 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...

CVSS 8.8 | AI score 8.3 | EPSS 0.29136
Exploits 1 | References 15