
Berkeley-AL20, Berkeley-BD Security Vulnerabilities

fedora

[SECURITY] Fedora 37 Update: php-oojs-oojs-ui-0.43.2-1.fc37

OOjs UI (Object-Oriented JavaScript - User Interface) is a library that allows developers to rapidly create front-end web applications that operate consistently across a multitude of...

AI Score: 3

2022-11-10 10:57 PM
8
schneier

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google's Chrome, Apple's Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what's known as a root certificate authority, a powerful spot in the...

AI Score: 2.8

2022-11-10 03:18 PM
5
cve

CVE-2022-39037

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.002

2022-11-10 03:15 PM
28
4
nvd

CVE-2022-39036

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt...

CVSS: 9.8

EPSS: 0.005

2022-11-10 03:15 PM
cve

CVE-2022-39038

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt...

CVSS: 8.8

AI Score: 8.6

EPSS: 0.002

2022-11-10 03:15 PM
26
7
nvd

CVE-2022-39037

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system...

CVSS: 7.5

EPSS: 0.002

2022-11-10 03:15 PM
prion

Unrestricted file upload

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.005

2022-11-10 03:15 PM
4
prion

Authentication flaw

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt...

CVSS: 8.8

AI Score: 8.7

EPSS: 0.002

2022-11-10 03:15 PM
5
prion

Path traversal

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.002

2022-11-10 03:15 PM
5
cvelist

CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.002

2022-11-10 12:00 AM
redhat

(RHSA-2022:7790) Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

AI Score: 0.8

EPSS: 0.002

2022-11-08 06:29 AM
66
osv

Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 6.9

EPSS: 0.002

2022-11-08 06:29 AM
3
redhat

(RHSA-2022:7643) Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

AI Score: 0.8

EPSS: 0.002

2022-11-08 06:25 AM
14
osv

Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 6.9

EPSS: 0.002

2022-11-08 06:25 AM
5
rocky

bind9.16 security update

An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the Domain....

CVSS: 6.8

AI Score: 6.7

EPSS: 0.002

2022-11-08 06:25 AM
17
almalinux

Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 7.2

EPSS: 0.002

2022-11-08 12:00 AM
9
osv

Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 6.9

EPSS: 0.002

2022-11-08 12:00 AM
3
almalinux

Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 6.7

EPSS: 0.002

2022-11-08 12:00 AM
8
osv

Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

CVSS: 6.8

AI Score: 6.9

EPSS: 0.002

2022-11-08 12:00 AM
2
cve

CVE-2022-40263

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

CVSS: 7.8

AI Score: 7.3

EPSS: 0.0004

2022-11-04 07:15 PM
28
6
suse

Security update for the Linux Kernel (important)

An update that solves 15 vulnerabilities, contains 12 features and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking...

CVSS: 8.8

AI Score: -0.3

EPSS: 0.01

2022-11-02 12:00 AM
25
cert

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...

CVSS: 7.5

AI Score: 7.9

EPSS

2022-11-01 12:00 AM
705
qualysblog

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

On Tuesday, November 1, 2022, the OpenSSL project released a new version of OpenSSL with version 3.0.7. This update patches two buffer overflow vulnerabilities which can be triggered in X.509 certificate verification. These vulnerabilities only apply to OpenSSL 3.x. Both these vulnerabilities...

CVSS: 7.5

AI Score: 0.1

EPSS: 0.087

2022-10-31 02:15 PM
60
openvas

CentOS: Security Advisory for bind (CESA-2022:6765)

The remote host is missing an update for...

CVSS: 7.5

AI Score: 8

EPSS: 0.005

2022-10-27 12:00 AM
6
centos

bind security update

CentOS Errata and Security Advisory CESA-2022:6765 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

CVSS: 7.5

AI Score: 8

EPSS: 0.005

2022-10-26 02:20 PM
70
openvas

Debian: Security Advisory (DLA-3159)

The remote host is missing an update for the...

AI Score: 7.5

2022-10-26 12:00 AM
3
debian

[SECURITY] [DLA 3159-1] libbluray bugfix update

Debian LTS Advisory DLA-3159-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 25, 2022 https://wiki.debian.org/LTS Package : libbluray Version : 1:1.1.0-1+deb10u1 Debian...

AI Score: 6.8

2022-10-25 07:38 AM
7
krebs

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a.....

AI Score: -0.7

2022-10-20 05:07 PM
9
cve

CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-10-19 10:15 PM
35
5
nvd

CVE-2022-41691

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

EPSS: 0.001

2022-10-19 10:15 PM
cve

CVE-2022-41691

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.6

EPSS: 0.001

2022-10-19 10:15 PM
37
6
prion

Code injection

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2022-10-19 10:15 PM
1
prion

Code injection

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2022-10-19 10:15 PM
2
cvelist

CVE-2022-41836 BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.7

EPSS: 0.001

2022-10-19 12:00 AM
f5

K30425568 : Overview of F5 vulnerabilities (October 2022)

Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated....

CVSS: 8.8

AI Score: 6.8

EPSS: 0.003

2022-10-19 12:00 AM
209
cvelist

CVE-2022-41691 BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to...

CVSS: 7.5

AI Score: 7.7

EPSS: 0.001

2022-10-19 12:00 AM
nessus

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K47204506)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.7 / 16.1.3.1 / 17.0.0.1 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K47204506 advisory. When an 'Attack Signature False Positive Mode' enabled security policy is configured on a...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.001

2022-10-19 12:00 AM
16
nessus

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K02694732)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.2. It is, therefore, affected by a vulnerability as referenced in the K02694732 advisory. When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd...

CVSS: 7.5

AI Score: 7.8

EPSS: 0.001

2022-10-19 12:00 AM
24
f5

K47204506 : BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836

Security Advisory Description When an "Attack Signature False Positive Mode" enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. (CVE-2022-41836) Impact Traffic is disrupted while the bd process restarts. This vulnerability allows.....

CVSS: 7.5

AI Score: 7.7

EPSS: 0.001

2022-10-19 12:00 AM
24
f5

K02694732 : BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41691

Security Advisory Description When an F5 BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. (CVE-2022-41691) Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote...

CVSS: 7.5

AI Score: 7.7

EPSS: 0.001

2022-10-19 12:00 AM
25
Total number of security vulnerabilities: 5771