MiracleLinux 9 : dbus-1.12.20-7.el9.1 (AXSA:2023-6323:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6323:07 advisory. dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered CVE-2023-34969 Tenable has extracted the...

EUVD-2024-54824

Malicious code in bioql PyPI...

Silicon Labs Zigbee EmberZNet SDK 安全漏洞

Silicon Labs Zigbee EmberZNet SDK is a software development kit for developing Zigbee networks from Silicon Labs, Inc. A security vulnerability exists in the Silicon Labs Zigbee EmberZNet SDK that stems from high traffic resulting in a message delivery failure that could lead to a denial of servi...

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

GHSA-97F8-H76H-F297 Duplicate Advisory: Unauthenticated Nonce Increment in snow

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. Original Description The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby...

Duplicate Advisory: Unauthenticated Nonce Increment in snow

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. Original Description The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby...

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

DEBIAN-CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

snow crate 安全漏洞

snow crate is a Rust implementation of the Noise Protocol Framework by the individual developer Jake McGinty. A security vulnerability exists in snow crate versions prior to 0.9.5, which stems from the use of stateful TransportState that can lead to message delivery rejection...

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

RUSTSEC-2024-0011 Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...

Exploit for Insufficient Verification of Data Authenticity in Postfix

PoC for CVE-2023-51764 SMTP SMUGGLING Postfix CVE-2023-51...

SUSE-SU-2023:3394-1 Security update for postfix

This update for postfix fixes the following issues: - CVE-2023-32182: Fixed configpostfix SUSE specific script potentially bad /tmp file usage bsc1211196. - Update to from 3.7.2 to 3.7.3: - Fixes a bug where some messages were not delivered after 'warning: Unexpected record type 'X'. bsc1213515...

Synapse does not apply enough checks to servers requesting auth events of events in a room

Impact Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorisation events of events in a room. This is necessary so that a homeserver receiving some events can validate that those...

FreeSWITCH 访问控制错误漏洞

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. An access control error vulnerability exists in FreeSWITCH versions...

Cisco Unity Connection目录遍历漏洞

Bugtraq ID:66676 CVE ID:CVE-2014-2145 Cisco Unity Connection 可以透明地将留言和语音识别组件与您的数据网络集成到一起，不间断地提供对呼叫和留言的全面访问。 Cisco Unity Connection的消息传送API在实现上存在目录遍历漏洞，这可使经过身份验证的远程用户通过.wav文件和audio/x-wav MIME类型的访问限制，利用此漏洞读取任意文件。 0 Cisco Unity Connection 目前厂商已经发布了升级补丁以修复漏洞，请下载使用：...

CVE-2008-2937

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...

fetchmail security announcement 2006-03 (CVE-2006-5974)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2006-03: crash when refusing message delivered through MDA Topics: fetchmail crashes when refusing a message bound for an MDA Author: Matthias Andree Version: 1.0 Announced: 2007-01-04 Type: denial of service Impact: fetchmail aborts...