Google Chrome < 114.0.5735.91 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 114.0.5735.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_05_stable-channel-update-for-desktop_30 advisory. - Out of bounds write in Swiftshader. (CVE-2023-2929) - Use after free in...
Fedora: Security Advisory for libssh (FEDORA-2023-5fa5ca2043)
The remote host is missing an update for the...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: [1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong (@n3sk) of Theori on 2023-01-25. [1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08. [1444238] High...
CVE-2023-33192
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...
Design/Logic Flaw
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...
CVE-2023-33192 Improper handling of NTS cookie length that could crash the ntpd-rs server
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes...
[SECURITY] Fedora 37 Update: rust-sequoia-wot-0.5.0-2.fc37
An implementation of OpenPGP's web of trust...
[SECURITY] Fedora 37 Update: rust-sequoia-sop-0.28.0-2.fc37
An implementation of the Stateless OpenPGP Interface using Sequoia...
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth...
Current design won't allow to update reference implementation without breaking counterfactuality
The current design of the Ambire wallet doesn't allow updating the reference implementation, as doing so will break counterfactuality. Impact: Ambire wallets are...
.NET 7.0 bugfix update
An update is available for dotnet7.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
SUSE-SU-2023:2304-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507). - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096). Non-security fixes: - Fixed transactional...
GO-2023-1765 Leaked shared secret and weak blinding in github.com/cloudflare/circl
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
SUSE CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator i...
Delegate uses incorrect parameter for the token amount
The delegate implementation uses the incorrect "amount" parameter from the JBDidPayData struct that is sent to the didPay function. Impact: The implementation of the pay function in the terminal builds the...
PT-2023-23180
Name of the Vulnerable Software and Affected Versions: c-ares versions prior to 1.19.1. Description: The issue arises when /dev/urandom or RtlGenRandom() are unavailable, and c-ares uses rand() to generate random numbers for DNS query ids. This approach is not a Cryptographically Secure PseudoRandom...
Ubuntu: Security Advisory (USN-6092-1)
The remote host is missing an update for the...
.NET 6.0 bugfix update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...
Debian DSA-5404-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5404 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...