1756-EN2TRXT Series A, B Security Vulnerabilities

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-44487 affecting package coredns for versions less than 1.11.1-1

CVE-2023-44487 affecting package coredns for versions less than 1.11.1-1. A patched version of the package is...

CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16

CVE-2023-44487 affecting package node-problem-detector for versions less than 0.8.10-16. A patched version of the package is...

CVE-2023-44487 affecting package multus for versions less than 3.8-12

CVE-2023-44487 affecting package multus for versions less than 3.8-12. A patched version of the package is...

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9

CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9. A patched version of the package is...

CVE-2023-39325 affecting package opa for versions less than 0.50.2-6

CVE-2023-39325 affecting package opa for versions less than 0.50.2-6. A patched version of the package is...

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12. A patched version of the package is...

CVE-2023-44487 affecting package kubevirt for versions less than 0.59.0-9

CVE-2023-44487 affecting package kubevirt for versions less than 0.59.0-9. A patched version of the package is...

CVE-2023-44487 affecting package jx for versions less than 3.2.236-13

CVE-2023-44487 affecting package jx for versions less than 3.2.236-13. A patched version of the package is...

CVE-2023-44487 affecting package influxdb for versions less than 2.6.1-11

CVE-2023-44487 affecting package influxdb for versions less than 2.6.1-11. A patched version of the package is...

CVE-2022-41725 affecting package golang for versions less than 1.19.5-1

CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...

CVE-2023-24539 affecting package golang for versions less than 1.20.7-1

CVE-2023-24539 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-29405 affecting package golang for versions less than 1.20.7-1

CVE-2023-29405 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2022-41724 affecting package golang for versions less than 1.19.6-1

CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is...

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

CVE-2023-39533 affecting package golang for versions less than 1.19.12-1

CVE-2023-39533 affecting package golang for versions less than 1.19.12-1. A patched version of the package is...

CVE-2023-39325 affecting package golang for versions less than 1.20.7-2

CVE-2023-39325 affecting package golang for versions less than 1.20.7-2. A patched version of the package is...

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2

CVE-2023-45853 affecting package cloud-hypervisor for versions less than 32.0-2. A patched version of the package is...

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15

CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15. A patched version of the package is...

CVE-2024-6375

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...

CVE-2024-34696

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-6375 Missing authorization check may lead to shard key refinement

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...

CVE-2024-6375 Missing authorization check may lead to shard key refinement

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...

CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...

CVE-2024-21482 Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-21482 Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2023-43554 Improper Restriction of Operations withing the Bounds of a Memory Buffer in DSP Services

Memory corruption while processing IOCTL handler in...

CVE-2023-43554 Improper Restriction of Operations withing the Bounds of a Memory Buffer in DSP Services

Memory corruption while processing IOCTL handler in...

Advisory ROSA-SA-2024-2444

Software: xdg-utils 1.1.3 OS: ROSA-CHROME package_evr_string: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially...

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....

CVE-2024-38953

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php...

CVE-2024-6050

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....

CVE-2024-6050

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...

CVE-2024-38953

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php...

Advisory ROSA-SA-2024-2442

software: usbredir 0.8.0 OS: ROSA-CHROME package_evr_string: usbredir-0.8.0-4 CVE-ID: CVE-2021-3700 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A post-release exploit vulnerability was discovered in usbredir in usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when...

Advisory ROSA-SA-2024-2440

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 package_evr_string: openssh-8.0p1 CVE-ID: CVE-2019-16905 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: OpenSSH, when compiled with an experimental key type, has an integer overflow before authentication if the client or server is configured to use a...

CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....

Advisory ROSA-SA-2024-2439

Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 package_evr_string: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert() function....

romo.com Cross Site Scripting vulnerability OBB-3939839

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dorsetthotels.com Cross Site Scripting vulnerability OBB-3939838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6050 Reflected XSS in SOWA OPAC

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...

CVE-2024-6424

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...

CVE-2024-39853

adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...