9179 matches found
PT-2023-23180
Name of the Vulnerable Software and Affected Versions c-ares versions prior to 1.19.1 Description The issue arises when /dev/urandom or RtlGenRandom are unavailable, and c-ares uses rand to generate random numbers for DNS query ids. This approach is not a Cryptographically Secure PseudoRandom...
Ubuntu: Security Advisory (USN-6092-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
.NET 6.0 bugfix update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...
Debian DSA-5404-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5404 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in containerd
Summary Multiple vulnerabilities in containerd used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups...
External Control Of Configuration
in-toto is vulnerable to External Control of Configuration. The vulnerability exists due to the insecure implementation of the usersettings module, which allows an attacker to write configuration from the local directory and mask their activities by passing a maliciously crafted .intotorc file,...
FreeBSD : chromium -- multiple vulnerabilities (bea52545-f4a7-11ed-8290-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bea52545-f4a7-11ed-8290-a8a1599412c6 advisory. - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote...
Apple macOS AppleScript UASIsConstant SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AppleScript library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within th...
CVE-2023-2726
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-2726
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...
Google Chrome < 113.0.5672.126 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 113.0.5672.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop16 advisory. - Inappropriate implementation in WebApp Installs in Google Chrome prior to...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1927)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 12 security fixes: 1444360 Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 1400905 High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 1435166...
Directory traversal
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
Any file can be included with the pymdown-snippets extension
Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
[SECURITY] Fedora 38 Update: libssh-0.10.5-1.fc38
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...
How to Change Write Cache Disk Letter
In particular scenario, write cache disk letter need to be other letter rather than 'D'. This article descirbes how to implement this request...
Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Mobile Security for Enterprises. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WFUser class defined within the web/widget path. The issu...
GHSA-2Q89-485C-9J2X Improper random reading in CIRCL
Impact When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...