Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predict ...
17 February 2024
A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing dif ...
17 February 2024
Security Advisory Description: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status the ...
17 February 2024
Security Advisory Description: OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answe ...
17 February 2024
The security of both a TUF client and repository implementations depends on the concept of trusted Metadata objects verifying the signatures over other Metadata that it delegates to. This verification ...
17 February 2024
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without ...
16 February 2024
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issu ...
16 February 2024
Summary: IBM Match 360 is vulnerable to Apache Santuario used within IBM WebSphere Application Server Liberty. Apache Santuario could allow a remote authenticated attacker to obtain sensitive informati ...
16 February 2024