244 matches found
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-006)
The version of postgresql installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-006 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...
Amazon Linux 2 : atril (ALASMATE-DESKTOP1.X-2024-006)
The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-006 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and...
Swift Mailer (abandoned) - Moderately critical - Access bypass - SA-CONTRIB-2024-006
The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides. The module could allow an attacker...
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-006)
The version of java-11-openjdk installed on the remote host is prior to 11.0.21.0.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2JAVA-OPENJDK11-2024-006 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE...
PT-2023-9787 · Openbsd · Openbsd +1
Name of the Vulnerable Software and Affected Versions: OpenBSD versions 7.3 through 7.4 before errata 006 and 7.3 before errata 020 OpenBSD version 7.3 before errata 020 Description: The issue is related to a NULL dereference when handling a malformed fastcgi request in the httpd8 service. This c...
CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)
The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)
The version of ansible installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-006 advisory. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive da...
Amazon Linux 2 : redis (ALASREDIS6-2023-006)
The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-006 advisory. Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can b...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-006)
The version of haproxy2 installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-006 advisory. In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write...
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
Drupal 9.5.x < 9.5.11 / 10.x < 10.0.11 / 10.1.x < 10.1.4 Drupal Vulnerability (SA-CORE-2023-006)
According to its self-reported version, the instance of Drupal running on the remote web server is 9.5.x prior to 9.5.11, 10.x prior to 10.0.11, or 10.1.x prior to 10.1.4. It is, therefore, affected by a vulnerability. - In certain scenarios, Drupal's JSON:API module will output error backtraces...
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
DEBIAN-CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
CVE-2023-38283
CVE-2023-38283 affects OpenBGPD prior to 8.1, where the BGP UPDATE handling of path attribute lengths could cause an observer (potentially distant) to reset a session. OpenBSD fixes this in 7.3 errata 006. Supported details in connected documents confirm the vulnerability scope (OpenBGPD
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...
Veritas NetBackup prior to 10.0 Privilege Escalation (VTS23-006)
The Veritas NetBackup application installed on the remote Windows host is prior to 10.0 or is missing a vendor-supplied security hotfix. It is, therefore, affected by privilege escalation vulnerability. An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2023-006)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0372.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2023-006 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle...
CVE-2023-0052
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
CVE-2023-0052
SAUTER Controls Nova 200–220 Series (firmware 3.3-006 and earlier) and BACnetstac 4.2.1 and earlier are affected by CVE-2023-0052 due to missing authentication for a critical function, allowing command execution without credentials. Telemetry shows Telnet and FTP are the only device-management pr...