582 matches found
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
SUSE CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. The clfs.sys driver contains a function CreateLogFile that is used to create open and edit '.blf' base log format...
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files. This module requires...
Oracle Linux 5 : ELSA-2016-0045-1: / kernel (ELSA-2016-00451)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-00451 advisory. - The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote...
Remote Command Execution Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a large-scale enterprise digital platform that deeply applies new-generation digital intelligence technology and is completely based on cloud-native architecture to create an open, interconnected, converged and intelligent integrated cloud platform. A remote command execution...
CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org
rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...
CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org
rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...
AudioCodes VoIP Data Forgery Issue Vulnerability
AudioCodes VoIP is a series of desk phones from the Israeli company AudioCodes. A security vulnerability exists in AudioCodes VoIP desk phones version 3.4.4.1000 and prior versions, which stems from the validation of firmware images that only contain simple checksums for different firmware...
USN-6259-1 open-iscsi vulnerabilities
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...
PT-2023-35500 · Git-Annex · Git-Annex
Name of the Vulnerable Software and Affected Versions: git-annex versions prior to 6.20160419 Description: A bug in git-annex exposed the checksum of annexed files to encrypted special remotes, which should not have access to this information. This issue occurred when resuming uploads to the...
AIX is vulnerable to security restrictions bypass due to curl
IBM SECURITY ADVISORY First Issued: Fri May 26 09:26:13 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to curl CVE-2022-32221...
Authorization Bypass
libcpan-checksums-perl is vulnerable to Authorization Bypasses. Checksums generates CHECKSUMSs recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS...
Fedora: Security Advisory for zchunk (FEDORA-2023-b41b7b1f37)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: zchunk-1.3.1-1.fc36
zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...
Fedora: Security Advisory for zchunk (FEDORA-2023-86dce75007)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: zchunk-1.3.1-1.fc38
zchunk is a compressed file format that splits the file into independent chunks. This allows you to only download the differences when downloading a new version of the file, and also makes zchunk files efficient over rsync. zchunk files are protected with strong checksums to verify that the file...
Adobe Substance 3D Stager 缓冲区错误漏洞
Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Stager in versions 2.0.1 and earlier. The vulnerability stems from a failure to perform security checksums on parameters in a user's context,...
Fedora: Security Advisory for zchunk (FEDORA-2023-5a4fd08de9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...