5122 matches found
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Wireshark Denial of Service Vulnerability (CNVD-2023-62294)
Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...
CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
Design/Logic Flaw
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
UBUNTU-CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
CVE-2022-3725
CVE-2022-3725 affects Wireshark 3.6.0–3.6.8, causing a crash in the OPUS protocol dissector that can lead to denial of service via crafted captures or packet injection. Connected sources confirm the vulnerability’s presence in Wireshark and cite remediation guidance requiring an upgrade. Practica...
PT-2022-23893 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.8 Description: The issue is related to a crash in the OPUS protocol dissector, which allows for denial of service via packet injection or crafted capture file. This can be exploited by injecting packets or...
CVE-2022-3725
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...
CVE-2022-43418
A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Katalon Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
PT-2022-26902 · Jenkins · Jenkins Katalon Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.32 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturin...
CVE-2022-43417
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
PT-2022-26903 · Jenkins · Jenkins Katalon Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.33 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...
USN-5205-1: Tcpreplay vulnerabilities
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. CVE-2018-13112 It was discovered that Tcpreplay...