CVE-2024-7884
When a canister method is called via ic_cdk::call, a new Future, CallFuture, is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
PT-2024-38658 · Ic Cdk · Ic Cdk
Name of the Vulnerable Software and Affected Versions: ic cdk versions 0.8.0 through 0.15.0. Description: A bug in the polling implementation of the CallFuture allows multiple references to be held for the internal state, and not all references are dropped before the Future is resolved, causing a...
Medium: runc
Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Issue Correction: Run dnf update runc --releasev...
CVE-2024-5148 Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...
CISA and Partners Release Advisory on RansomHub Ransomware
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, StopRansomware: RansomHub Ransomware. This advisory provides network...
Amazon Linux 2 : runc (ALASDOCKER-2024-043)
The version of runc installed on the remote host is prior to 1.1.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-043 advisory. The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
Driver Disk for Qlogic qla2xxx 10.02.12.01_k - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Qlogic's qla2xxx driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- qla2xxx| Fibre Channel HBA/Storage Controller|...
Moodle 4.4.x < 4.4.2 Improper Access Control Vulnerability (MSA-24-0031)
Moodle is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...
CVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
CVE-2024-40743 [20240805] - Core - XSS vectors in Outputfilter::strip* methods
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
BIT-HUBBLE-RELAY-2024-42487 Cilium's Gateway API route matching order contradicts specification
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...
BIT-CILIUM-OPERATOR-2024-42487 Cilium's Gateway API route matching order contradicts specification
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...
BIT-CILIUM-2024-42487 Cilium's Gateway API route matching order contradicts specification
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...
Security Bypass
github.com/cilium/cilium is vulnerable to Security Bypass. The vulnerability is due to improper implementation of match precedence in Gateway API HTTPRoutes and GRPCRoutes, where request headers are matched before request methods. It allows an attacker to exploit the incorrect request handling...
GHSA-QCM3-7879-XCWW Gateway API route matching order contradicts specification
Impact: Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...
CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...
PT-2024-29984 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.0 through 1.15.7, Cilium version 1.16.0. Description: The Gateway API HTTPRoutes and GRPCRoutes in Cilium do not follow the match precedence specified in the Gateway API specification. Request headers are matched before...