Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.
368f11f426f1205aedb9e9e32368a16535dc11bd60351066e6f6664ec36b85b9Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release.
5a3a88ef6433e97bcab0efa1ed60c6197e4ada9d9d30bc1c47437bf89b97f276OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
da2d4328b6f51310c2a5be6d36b60d1aa6c91e556e13bd98db91a0808753e340Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
dc6419bae3374862f7e099238c6f62915d628b60e52c658d5d47d2442058067eUbuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
263643db87a6432edb065900eea41c3a1d8ae0e9c08508a673c02ef018cf394aA single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
5231a89077e6f3acf7d704bf699a2012bd1f949a0d291b1104b455e12e90fb07This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
517cb3bdebea0c5e8bc6b809e873babc0faf56250fbc150da2e1a5d269f4e7b7Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
c72593cd020b70c074deb6be89fd467cc478f83334792bd3c97e0f5753dae9cdWordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
a97e941dbe9a61933dee7deb046c9e9a1bbf565a1e2bda9458912a1212b1a57dFuelflow version 1.0 suffers from a remote SQL injection vulnerability.
f20df871b015a83f2890d65c542097b8e2ef692547a8a6b09c7f09efd6242502Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
c31a439fa6efc6f45ddf70895ddbcdb15a0d2f1e6ccdfe2e0e752da89b5c1bb2ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.
e3baa15b97468f1a53ed93305b65d681ec3ea083d106863615e6c678b4218084This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.
1b2f050c027e1bfe9702c6a2a927a78ccba6ef0043e76bbe3a63de1a54eaecc8Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.
a332284d2f3bdc79b2b6b5265feec719075fbd402552f58befbda3969ae1dff8Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
c3a86bc78c63a25e4ac74334785c63b0e2bc69199f68a3ec15a6dba2ab612f85WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.
ce9033c8a5d4008525f16f7aed4391e201358d977f4356f22c00babfa8102d79Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.
d1bdf47cb8160404fe1823442680fae112d3f1c54d5ff3b387c3907fd6f7cc8dRed Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
0f7f8ac638ae202d360cdddceaddb107b040768f6ecfa6ed1ba97bf3cd508639
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed