Exploit for Cross-Site Request Forgery (CSRF) in Jetbrains Teamcity

# CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF ...Read More ...

Continue Reading

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, ...

Continue Reading

Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the Goken. This permits a token for on ...

Continue Reading

The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to Sca ...

Continue Reading

A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.Read More ...

Continue Reading
[SECURITY] Fedora 36 Update: golang-github-prometheus-client-1.12.2-2.fc36

This is the Go client library for Prometheus. It has two separate parts, on e for instrumenting application code, and one for creating clients that talk to t he Prometheus HTTP API.Read More ...

Continue Reading
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

Continue Reading
ruby:2.6 security, bug fix, and enhancement update

ruby [2.6.10-109] - Upgrade to Ruby 2.6.10. Resolves: rhbz#2088415 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 - Fix FTBFS due to an incompatible load directive. - ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy