CVE-2024-47181

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Golang Go [CVE-2024-24789]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Golang Go, caused by a flaw with EOCDR comment length handling is inconsistent with other ZIP implementations in the archive/zip package. CVE-2024-24789. Golang Go is used by our Speech Service...

CVE-2025-21509

CVE-2025-21509 affects Oracle JD Edwards EnterpriseOne Tools (Web Runtime SEC). Vulnerable if using prior to 9.2.9.0; an attacker with network access over HTTP and low privileges can cause a hang or frequent crash (DoS) in JD Edwards EnterpriseOne Tools. Exploitation vector is HTTP over the netwo...

BIT-NODE-MIN-2023-39331

A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

CVE-2024-47181

Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL...

PT-2024-32463 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to the next release after 4.9 Description: The issue is related to an unaligned memory access in the Contiki-NG operating system, specifically in its two RPL implementations. This can be triggered when an IPv6 packet...

Fortinet Fortigate Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks) (FG-IR-21-071)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-071 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't...

[SECURITY] Fedora 39 Update: apache-commons-io-2.11.0-5.fc39

Commons-IO contains utility classes, stream implementations, file filters, and endian classes. It is a library of utilities to assist with developing IO functionality...

Fedora: Security Advisory (FEDORA-2024-c5152808e4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RISC Zero zkVM notes on zero-knowledge

RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

PT-2024-25995 · W3C · Xml Signature Syntax/Processing

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

CVE-2024-34581

CVE-2024-34581 concerns the XML Signature Syntax and Processing (XMLDsig) RetrievalMethod usage, where SSRF risks may arise in implementations that process KeyInfo/RetrievalMethod data. The initial description notes that mitigations were added in XMLDsig 1.1 and 2.0 via a Best Practices document....

SUSE-SU-2024:1498-2 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

UBUNTU-CVE-2024-38394

DISPUTED Mismatches in interpreting USB authorization policy between GNOME Settings Daemon GSD through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel...

Updated golang packages fix security vulnerabilities

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVE-2021-47317

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 "bpf: Rename BPFXADD and prepare to encode other atomics in .imm" converted BPFXADD to BPFATOMIC and added a way to distinguish instructions based on the...

Improper Input Validation

github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to a misalignment in the behavior of zip implementations, which can be exploited to create zip files with varying contents based on the implementation reading the file...

UBUNTU-CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

RHEL 6 : tomcat5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: security manager bypass via IntrospectHelper utility function CVE-2016-5018 - The Realm...