MiracleLinux 8 : samba-4.15.5-10.el8 (AXSA:2022-3934:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3934:09 advisory. samba: server memory information leak via SMB1 CVE-2022-32742 Tenable has extracted the preceding description block directly from the MiracleLinux security...

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

...

Low: Red Hat Security Advisory: OpenShift Virtualization 4.15.5 Images

Red Hat OpenShift Virtualization release 4.15.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which giv...

WordPress Plugin ProfilePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

UBUNTU-CVE-2024-28176

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

CVE-2024-28176

Observed : CVE-2024-28176 affects the jose library (JWE) via the decryption path that decompresses plaintext, enabling potential CPU/memory exhaustion. Multiple connected advisories confirm this vulnerability across several distributions ( MiracleLinux, Alibaba Cloud Linux, TencentOS Server ) and...

CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

jose Security Vulnerabilities

jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose versions prior to 2.0.7 and 4.15.5 that could allow an attacker to exhaust resources via a specially crafted JWE with compressed plaintext...

WordPress Plugin SIGMA Lite & Lite+ Buffer Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin SIGMA Lite & Lite+ Buffer Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin SIGMA Lite & Lite+ Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

samba security, bug fix, and enhancement update

4.15.5-5 - resolves: rhbz2064325 - Fix 'create krb5 conf = yes' when a KDC has a single IP address. 4.15.5-4 - resolves: rhbz2057503 - Fix winbind kerberos ticket refresh 4.15.5-3 - related: rhbz1979959 - Fix typo in testparm output 4.15.5-2 - resolves: rhbz1979959 - Improve idmap autorid sanity...

[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35

Samba is the standard Windows interoperability suite of programs for Linux and Unix...