17 matches found
EUVD-2024-28357
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2023-5f904f4dd4)
The remote host is missing an update for the...
Fedora 39 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-6b89bc0305)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b89bc0305 advisory. Contains updates to address CVE-2022-28357,41717 and also NATS: 2023-01 nats-server: Adding accounts for just the system account adds auth bypass Tenable has...
CVE-2022-28357
creationtimestamp | type | source
---|---|---
2023-09-19 07:29:02+00:00 | seen | https://t.me/cibsecurity/70697...
CVE-2022-28357
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account...
CVE-2022-28357
CVE-2022-28357 affects NATS nats-server; versions 2.2.0–2.7.4 allow directory traversal via an unintended path to a management action from a management account. Connected sources (OSV, NVD, GHSA, Fedora/Nessus/OpenVAS) corroborate the issue. The impact is described as directory traversal, with hi...
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...
CVE-2023-28357
CVE-2023-28357 affects Rocket.Chat. The vulnerability arises in the Slash Command /mute, where an ACL check occurs after confirming a user’s channel membership, allowing authenticated users to enumerate whether a username is a member of a channel they cannot access. Impact described as informatio...
CVE-2021-28357
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
CVE-2021-28357
CVE-2021-28357 is a Windows RPC Runtime Remote Code Execution vulnerability. The CVSSv3.1 base score is 8.8 (network, low privileges required, no user interaction) with HIGH impact to confidentiality, integrity, and availability. The vulnerability affects the Windows RPC Runtime and is addressed ...
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310
- Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079
- Windows Event Tracing Elevati...
KB5001389: Windows Server 2008 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089
- Windows Kernel Information Disclosure Vulnerability CVE-2021-27093, CVE-2021-28309
- Windows Media...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- Win32k Elevation of Privilege Vulnerability CVE-2021-27072
- Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079
- Microsoft Internet Messaging API Remote Code...