Lucene search

2514 matches found

RustSec
added 2024/06/18 12:0 p.m. | 3 views

Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in `curve25519-dalek`. The `Scalar29::sub` (32-bit) and `Scalar52::sub`...

CVSS 5.1 | AI score 7.2 | EPSS 0.00078
Exploits: 0 | Affected Software: 1

CNNVD
added 2024/06/13 12:0 a.m. | 1 views

Verint Workforce Optimization Cross-Site Scripting Vulnerability

Verint Systems Verint Workforce Optimization (WFO) is an employee performance management solution from Verint Systems, USA. The product supports workforce management, call recording, automated quality management, performance management, text and desktop analytics, and more. A cross-site scripting...

CVSS 6.1 | AI score 6.1 | EPSS 0.00166
Exploits: 0 | References: 2

CNNVD
added 2024/06/13 12:0 a.m. | 1 views

Verint Workforce Optimization Code Issue Vulnerability

Verint Systems Verint Workforce Optimization (WFO) is an employee performance management solution from Verint Systems, USA. The product supports workforce management, call recording, automated quality management, performance management, text and desktop analytics, and more. A code issue vulnerabili...

CVSS 8.8 | AI score 7.1 | EPSS 0.00181
Exploits: 0 | References: 2

RedhatCVE
added 2024/06/12 12:28 a.m. | 17 views

CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe. Commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to `shadow_stack` temporarily before switching...

CVSS 4.4 | AI score 7.2 | EPSS 0.00115
Exploits: 0 | References: 4

NVD
added 2024/06/10 2:15 a.m. | 13 views

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because `poly_frommsg` in poly.c does not prevent Clang from...

CVSS 7.5 | EPSS 0.00141
Exploits: 1 | References: 5

Cvelist
added 2024/06/10 12:0 a.m. | 22 views

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because `poly_frommsg` in poly.c does not prevent Clang from...

EPSS 0.00141
Exploits: 1 | References: 5

NVD
added 2024/06/09 1:15 p.m. | 9 views

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVSS 9.8 | EPSS 0.00184
Exploits: 0 | References: 2

Cvelist
added 2024/06/09 12:15 p.m. | 10 views

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVSS 6.5 | EPSS 0.00184
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/09 12:15 p.m. | 9 views

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVSS 6.5 | AI score 7.6 | EPSS 0.00184
Exploits: 0 | References: 2

CVE
added 2024/06/09 12:15 p.m. | 45 views

CVE-2023-45188

The CVE-2023-45188 issue affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. Root cause: improper validation of file extensions allows a remote attacker to upload arbitrary files, which could lead to arbitrary code execution on the vulnerable system. Mitigations...

CVSS 9.8 | AI score 6.8 | EPSS 0.00184
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/06/09 12:0 a.m. | 2 views

IBM Engineering Lifecycle Optimization Code Issue Vulnerability

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from International Business Machines (IBM). They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...

CVSS 9.8 | AI score 6.9 | EPSS 0.00184
Exploits: 0 | References: 3

IBM Security Bulletins
added 2024/06/07 1:34 p.m. | 15 views

Security Bulletin: The IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188

Summary: IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188 (Malicious File Upload). Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details: CVEID: CVE-2023-45188 DESCRIPTION: IBM Engineering Lifecyc...

CVSS 9.8 | AI score 6.9 | EPSS 0.00184
Exploits: 0 | Affected Software: 1

Wiz blog
added 2024/06/05 1:44 p.m. | 9 views

Sail Further with Wiz Cost Optimization for Amazon EKS

Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives...

AI score 7.2
Exploits: 0

OSV
added 2024/05/25 11:39 p.m. | 8 views

MGASA-2024-0195 Updated mariadb packages fix security vulnerability and bugs

Additional bugs were fixed in the following components: InnoDB, Spider, Aria, Backup, JSON, Optimization & Tuning, Plugins, Galera, Scripts & Clients, Server. For the details see the vendor site...

CVSS 4.9 | AI score 6.9 | EPSS 0.00287
Exploits: 0 | References: 4

Mageia
added 2024/05/25 11:39 p.m. | 37 views

Updated mariadb packages fix security vulnerability and bugs

Additional bugs were fixed in the following components: InnoDB, Spider, Aria, Backup, JSON, Optimization & Tuning, Plugins, Galera, Scripts & Clients, Server. For the details see the vendor site...

CVSS 4.9 | AI score 7.3 | EPSS 0.00287
Exploits: 0 | References: 3

NVD
added 2024/05/21 4:15 p.m. | 17 views

CVE-2023-52733

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.8
Exploits: 0

UbuntuCve
added 2024/05/21 4:15 p.m. | 15 views

CVE-2023-52733

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.2
Exploits: 0 | References: 7

Debian CVE
added 2024/05/21 3:31 p.m. | 20 views

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound helper. Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound by moving the flowi6 struct used for the route lookup in an non...

CVSS 7.8 | AI score 7 | EPSS 0.00012
Exploits: 0

Vulnrichment
added 2024/05/21 3:30 p.m. | 16 views

CVE-2023-52761 riscv: VMAP_STACK overflow detection thread-safe

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAP_STACK overflow detection thread-safe. Commit 31da94c25aea ("riscv: add VMAP_STACK overflow detection") added support for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to `shadow_stack` temporarily before switching...

AI score 7 | EPSS 0.00115
Exploits: 0 | References: 3

CVE
added 2024/05/21 3:30 p.m. | 71 views

CVE-2023-52761

CVE-2023-52761 : In the Linux kernel, the riscv VMAP_STACK overflow detection patch (commit 31da94c25aea) adds CONFIG_VMAP_STACK support and fixes a race where two CPUs could overflow the kernel stack and corrupt each other. The changes introduce a per-CPU overflow stack lookup (via an asm macro)...

CVSS 5.5 | AI score 6.9 | EPSS 0.00115
Exploits: 0 | References: 3 | Affected Software: 1