556 matches found
AZL-45114 CVE-2023-35789 affecting package librabbitmq for versions less than 0.14.0-1
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments...
ALPINE-CVE-2023-35789
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments...
CVE-2023-35789
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
postgresql: Client memory disclosure when connecting with Kerberos to modified server
A flaw was found in PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes...
[SECURITY] Fedora 37 Update: libmemcached-awesome-1.1.4-1.fc37
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...
[SECURITY] Fedora 36 Update: libmemcached-awesome-1.1.4-1.fc36
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...
Fedora: Security Advisory for libmemcached-awesome (FEDORA-2023-fd848970c4)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: libmemcached-awesome-1.1.4-1.fc38
libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...
K47133310: Samba vulnerability CVE-2016-2112
Security Advisory Description: The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying...
CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...
SUSE CVE-2006-1017
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to ...
SUSE CVE-2008-5006
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code...
SUSE CVE-2016-2112
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream...
SUSE CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
go-saml data forgery vulnerability
go-saml is a good enough SAML client library written in Go, open-sourced by Robots and Pencils. A security vulnerability exists in go-saml. An attacker who controls the inputs can exploit the vulnerability to create inputs that cause hash collisions...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-scciclient) security update
An update for python-scciclient is now available for Red Hat OpenStack Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2022-39292
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
Information disclosure
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...