807 matches found
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to permissions bypass, privilege escalation, key generation failure, denial of service and request smuggling due to vulnerabilities in Node.js with details below. CVE-2023-30584, CVE-2023-30585,...
CVE-2023-34213
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affect...
CVE-2023-33239
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to...
CVE-2023-34213
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affect...
Command injection
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to...
CVE-2023-34213 Second Order Command-injection Vulnerability in the Key-generation Function
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affect...
CVE-2023-34213 Second Order Command-injection Vulnerability in the Key-generation Function
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affect...
CVE-2023-33239 Second Order Command-injection Vulnerability in the Key-generation Function
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to...
CVE-2023-33239 Second Order Command-injection Vulnerability in the Key-generation Function
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to...
PT-2023-4621 · Unknown · Tn-5900 Series
Name of the Vulnerable Software and Affected Versions: TN-5900 Series firmware versions v3.3 and prior Description: The issue stems from insufficient input validation and improper authentication in the key-generation function. This could potentially allow malicious users to execute remote code on...
SUSE-SU-2023:3306-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed permissions policies bypass vi...
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
cloud-init bug fix update
An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...
RHEL 8 : nodejs:16 (RHSA-2023:4537)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Race Condition
tang is vulnerable to Race Conditions. A race condition exists in the Tang server functionality for key generation and key rotation, resulting in a small time window where Tang private keys become readable by other processes on the same host, which leads to disclosure of sensitive information...
Moxa EDR-810 Web RSA Key Generation Command Injection (CVE-2017-12121)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...
Race condition exists in the key generation and rotation functionality
...
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
CVE-2023-3724
If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...
AZL-27405 CVE-2023-1672 affecting package tang for versions less than 14-1
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...