BIT-CILIUM-PROXY-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVE-2024-37535

...

CVE-2024-38527

ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. The comment feature allows the use...

CVE-2024-38527 Cross-site Scripting in ZenUML

ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. The comment feature allows the use...

UBUNTU-CVE-2024-39471

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdmav40irqidtoseq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL...

SUSE CVE-2024-36975

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1encodesequence fails, WARN is not the correct solution. 1. asn1encodesequence is not an internal function located in lib/asn1encode.c. 2. Location is known, which makes th...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

UBUNTU-CVE-2024-36975

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1encodesequence fails, WARN is not the correct solution. 1. asn1encodesequence is not an internal function located in lib/asn1encode.c. 2. Location is known, which makes th...

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

MGASA-2024-0219 Updated vte packages fix security vulnerability

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535...

The vulnerability of microprogrammed software in the programmable logic controller SIMATIC S7-200 SMART is related to the use of insufficiently random values, which allows a intruder to cause malfunctions during maintenance.

The vulnerability of microprogrammed software in the SIMATIC S7-200 SMART programmable logic controller is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to predict the IP address sequence numbers and trigger a...

RMQTT Broker Security Vulnerability

RMQTT Broker is a fully open source, highly extensible and highly available distributed MQTT message broker from RMQTT Open Source. A security vulnerability exists in RMQTT Broker version 0.4.0, which originated from a denial-of-service attack that allowed a remote attacker to conduct a...

CVE-2024-5687

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

CVE-2024-5687

CVE-2024-5687 affects Mozilla Firefox for Android (Firefox

CVE-2024-5687

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the Referer and Sec- headers, meaning there is the potential for incorrect...

SUSE CVE-2024-37535

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...

PT-2024-26436 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue is related to a heap-based Buffer Overflow in the yaml document add sequence function in api.c. Recommendations: For libyaml version 0.2.5, at the moment, there is no information about a newer...

CVE-2024-37535

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...

CVE-2024-37535

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...