6095 matches found
HYPR Backlink Vulnerability
HYPR is a security application from HYPR that implements password-less security. A security vulnerability exists in HYPR Workforce Access prior to version 8.7 that stems from an incorrectly resolved file access link that allows a user to take control of a file name...
OPENSUSE-SU-2024:0016-1 Security update for opera
This update for opera fixes the following issues: opera was updated to 106.0.4998.28 CHR-9566 Update Chromium on desktop-stable-120-4998 to 120.0.6099.200 DNA-113161 Weather 'Weather Location' description is almost invisible in dark mode DNA-113351 'Previous tile' should be the same size as 'next...
Advisory ROSA-SA-2023-2316
Software: libgcrypt 1.8.5 OS: ROSA Virtualization 2.1 packageevrstring: libgcrypt-1.8.5-7.rv3.src.rpm CVE-ID: CVE-2021-40528 BDU-ID: 2022-00593 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation ...
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
DEBIAN-CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-32271 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-13
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-43171 CVE-2023-7008 affecting package systemd for versions less than 255-20
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
Design/Logic Flaw
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
UBUNTU-CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008 Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008
CVE-2023-7008 affects systemd-resolved in systemd by allowing DNSSEC-signed domains to be accepted even when unsigned, enabling record manipulation by an attacker via MITM or upstream resolver. Connected advisories confirm a fix is available in patched systemd packages (e.g., Debian 247.3-7+deb11...
systemd security vulnerability
systemd is a Linux-based system and service manager from the individual developer Lennart Poettering in Germany. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in systemd...
SUSE CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. Mitigation Mitigation for this issue is either not...
Advisory ROSA-SA-2023-2304
software: netty 4.1.13 WASP: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...
Advisory ROSA-SA-2023-2299
Software: grafana 7.3.6 OS: ROSA Virtualization 2.1 packageevrstring: grafana-7.3.6-2.el8.src.rpm CVE-ID: CVE-2020-27846 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A signature verification vulnerability exists in cookiejam/saml. This flaw allows an attacker to bypass SAML authentication. The...
CVE-2023-40055
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227...
Advisory ROSA-SA-2023-2285
software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...