11 matches found
PT-2025-10897 · Nvidia · Nvidia Riva
Name of the Vulnerable Software and Affected Versions: NVIDIA Riva versions up to and including 2.18.0. Description: The issue is related to improper access control, which could lead to escalation of privileges, data tampering, denial of service, or information disclosure. A successful exploit of...
SUSE-SU-2024:1837-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline bsc1222530 - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with bsc1222603...
CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...
cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE
A vulnerability was found in cjose. cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must ...
Mozilla Secure Open Source security review published
Earlier this year we were contacted by Mozilla and notified that our application to the Mozilla Secure Open Source program was accepted and that we would be receiving a review through the SOS program. The SOS program provides security auditing,...
Talking about Android cryptographic vulnerabilities by way of Hungry's cryptography misuse and the actuator used to bypass its defenses - vulnerability warning - Black Bar Safety Net
Misuse of cryptography in apps is a big problem; the checksum algorithm of almost any APK can be simulated. Hungry's algorithm had good robustness and concealment; it is raised here in order to show that the signature checking mechanism is vulnerable. Although this was presented to Hungry, ...
rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
iGuard simple break - vulnerability warning - Black Bar Safety Net
Source: Prince InfoGuard, called iGuard, commonly known as the page file to prevent tampering, yesterday night was the stuff of the head, a good study, found a solution, record it. First give a This something to the effect of, just lost a webshell in, not killed, on the server is there, but the access time...
bios-backdoors.txt
Date: Tue, 3 Nov 1998 13:22:20 -0600 From: Paul L Schmehl To: [email protected] Subject: BIOS Backdoor Passwords I've been out of the office since posting the comments about the ineffectiveness of BIOS passwords, and I returned to find to my surprise numerous requests for informati...
Microsoft .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 Security Update x86 (KB979910)
A security issue has been identified that could allow an attacker to tamper with digitally signed content without being detected, when this content is being consumed by an application that makes use of the Microsoft .NET Framework on a Windows-based system. You can help protect your computer by...
Microsoft .NET Framework 3.5, Windows Vista SP1, and Windows Server 2008 Security Update x86 (KB979913)
A security issue has been identified that could allow an attacker to tamper with digitally signed content without being detected, when this content is being consumed by an application that makes use of the Microsoft .NET Framework on a Windows-based system. You can help protect your computer by...