Exploit for Cross-Site Request Forgery (CSRF) in JetBrains TeamCity

# CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF ...

CVE-2022-28200

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, ...

GO-2022-0386

Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the token. This permits a token for on ...

GO-2022-0187

The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to Sca ...

GO-2022-0402

A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.

[SECURITY] Fedora 36 Update: golang-github-prometheus-client-1.12.2-2.fc36

This is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API.

Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

ruby:2.6 security, bug fix, and enhancement update

ruby [2.6.10-109] - Upgrade to Ruby 2.6.10. Resolves: rhbz#2088415 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 - Fix FTBFS due to an incompatible load directive. - ...
