
813 matches found

OpenVAS
added 2023/07/04 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2286)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 | AI score 8.1 | EPSS 0.00111
Exploits 2 | References 2
Tenable Nessus
added 2023/07/04 12:0 a.m. | 36 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2286)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs...

CVSS 9.1 | AI score 6.5 | EPSS 0.00111
Exploits 2 | References 4
SUSE CVE
added 2023/06/24 1:47 a.m. | 1 views

SUSE CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 | AI score 6.8 | EPSS 0.00518
Exploits 0 | References 3
NVD
added 2023/06/22 9:15 p.m. | 14 views

CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 | AI score 8.6 | EPSS 0.00518
Exploits 0 | References 3
Prion
added 2023/06/22 9:15 p.m. | 18 views

Design/Logic Flaw

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 5 | AI score 7.4 | EPSS 0.00518
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2023/06/22 8:57 p.m. | 19 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 | AI score 8.7 | EPSS 0.00518
Exploits 0 | References 3
OSV
added 2023/06/22 8:57 p.m. | 20 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 | AI score 7.6 | EPSS 0.00518
Exploits 0 | References 5
Positive Technologies
added 2023/06/22 12:0 a.m. | 1 views

PT-2023-8429 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.7 Nextcloud Server versions prior to 26.0.2 Nextcloud Enterprise Server versions prior to 21.0.9.12 Nextcloud Enterprise Server versions prior to 22.2.10.12 Nextcloud Enterprise Server versions prior to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00824
Exploits 6 | References 94
CNNVD
added 2023/06/22 12:0 a.m. | 3 views

Nextcloud Security Vulnerability

Nextcloud is Germany's Nextcloud company's set of open source self-hosted file synchronization and sharing communication application platform. A security vulnerability exists in Nextcloud Server versions 25.0.7, 26.0.2, Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7,...

CVSS 8.7 | AI score 7.3 | EPSS 0.00518
Exploits 0 | References 4
IBM Security Bulletins
added 2023/06/19 12:14 p.m. | 41 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Summary Multiple issues were identified in Red Hat UBI packages libcurl, openssl, gnutls, libarchive and libsepol that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of...

CVSS 9.1 | AI score 8.1 | EPSS 0.88334
Exploits 4 | Affected Software 1
RedHat Linux
added 2023/06/05 12:30 p.m. | 5 views

curl: HSTS amnesia with --parallel

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

CVSS 6.5 | AI score 6.8 | EPSS 0.00039
Exploits 0 | References 5
RedHat Linux
added 2023/06/05 11:46 a.m. | 6 views

curl: HSTS amnesia with --parallel

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

CVSS 6.5 | AI score 6.8 | EPSS 0.00039
Exploits 0 | References 5
Oracle linux
added 2023/05/24 12:0 a.m. | 29 views

freerdp security update

2:2.2.0-10 - Fix 'implicit declaration of function' errors 2136153, 2145139 - 2:2.2.0-9 - CVE-2022-39282: Fix length checks in parallel driver 2136151 - CVE-2022-39283: Add missing length check in video channel 2136153 - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx 2145139 -...

CVSS 7.5 | AI score 7 | EPSS 0.00347
Exploits 0
RedHat Linux
added 2023/05/16 8:59 a.m. | 4 views

freerdp: clients using `/parallel` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00295
Exploits 0 | References 5
Tenable Nessus
added 2023/05/15 12:0 a.m. | 30 views

Oracle Linux 9 : freerdp (ELSA-2023-2326)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2326 advisory. - CVE-2022-39282: Fix length checks in parallel driver 2136152 - CVE-2022-39283: Add missing length check in video channel 2136154 - CVE-2022-39316,...

CVSS 7.5 | AI score 5.7 | EPSS 0.00347
Exploits 0 | References 10
Kitploit
added 2023/05/14 12:30 p.m. | 15 views

PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you doing pentesting it...

AI score 7.8
Exploits 0 | References 3
RedHat Linux
added 2023/05/09 10:2 a.m. | 2 views

freerdp: clients using `/parallel` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00295
Exploits 0 | References 5
OSSF Malicious Packages
added 2023/04/27 6:36 a.m. | 2 views

Malicious code in parallel-workers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1 The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 npm as malicious. It is considered malicious because: - The packa...

AI score 7.1
Exploits 0 | References 1
OSV
added 2023/04/27 6:36 a.m. | 6 views

MAL-2023-6 Malicious code in parallel-workers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis abf4ac32d4bbbf2bca51efed2166f670c707230f7da2b87c1318cbe8ca9dade1 The OpenSSF Package Analysis project identified 'parallel-workers' @ 99.99.101 npm as malicious. It is considered malicious because: - The packa...

AI score 7.3
Exploits 0 | References 1
OSV
added 2023/03/28 1:15 p.m. | 0 views

CVE-2022-3686

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 9.1 | AI score 5.8
Exploits 0 | References 1