Hashicorp Consul vulnerable to denial of service
CVE-2023-1297
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3...
Design/Logic Flaw
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...
TikTok: Dom XSS and open redirect in TikTok seller endpoint
Vulnerability description not provided...
Advisory ROSA-SA-2023-2165
Software: nss 3.53.1 OS: rosa-server79 packageevrstring: 3.53.1-7.res7 CVE-ID: CVE-2023-0767 BDU-ID: 2023-01270 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Mozilla Firefox and Mozilla Firefox ESR browsers and the Mozilla Thunderbird email client is related to improper limiting of operations within the...
xorg-x11-server security and bug fix update
1.20.11-17 - Fix xvfb-run script with --listen-tcp Resolves: rhbz2172116 1.20.11-16 - CVE-2023-0494 2166973 1.20.11-15 - Follow-up fix for CVE-2022-46340 2151776 1.20.11-14 - CVE fix for: CVE-2022-4283 2151801, CVE-2022-46340 2151776, CVE-2022-46341 2151781, CVE-2022-46342 2151788, CVE-2022-46343...
EulerOS Virtualization 3.0.2.0 : systemd (EulerOS-SA-2023-1698)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io function and dns_stream_complete...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2022-43919)
Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID:CVE-2022-43919 DESCRIPTION: IBM MQ could allow an authenticated attacker with authorization to craft messages to cause a denial of service. CVSS Base score: 5.3 CVSS Temporal Score: See:...
healthy-wiser.com Cross Site Scripting vulnerability OBB-3278338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-WJ6R-53F5-Q789 Duplicate Advisory: AVideo contains Command injection when embedding a video link
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgvh-p3g4-86jw. This link is maintained to preserve external references. Original Description Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Vide...
Advisory ROSA-SA-2023-2156
Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...
Ming-Soft MCMS vulnerable to SQL injection
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via the basic_title parameter. This issue is resolved in v5.1...
Advisory ROSA-SA-2023-2138
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...
Nextcloud Server 24.x < 24.0.9, 25.x < 25.0.3 Incorrectly-Resolved Name or Reference Vulnerability (GHSA-hhq4-4pr8-wm27)
Nextcloud Server is prone to an incorrectly-resolved name or reference vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Advisory ROSA-SA-2023-2136
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21365 BDU-ID: 2022-02011 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ImageIO component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine i...
CVE-2023-1305
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...
CVE-2023-1306
An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...
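The entry above describes the general pattern of an object accessor exposed to a Jinja template being walked to reach Python internals and, from there, arbitrary code. The example below is added here to illustrate that pattern generically; it is not code from the affected product, and the `Resource` class, its `db()` accessor and the attack template are constructed for this example. It renders the same template in a plain Jinja2 `Environment` (the method chain reaches `os`) and in a `SandboxedEnvironment` (dunder attribute access is refused), while a benign template still renders under the sandbox.

```python
"""Added example: an exposed object accessor reached from a Jinja2 template.

Illustrative code for this page, not the affected product's code. The
Resource class, its db() accessor and ATTACK_TEMPLATE are constructed here.
Requires the third-party jinja2 package.
"""
import os

from jinja2 import Environment
from jinja2.exceptions import SecurityError, UndefinedError
from jinja2.sandbox import SandboxedEnvironment


class Resource:
    """Hypothetical object handed to templates (constructed for this example)."""

    def __init__(self, name):
        self.name = name

    def db(self):
        # Stand-in for an accessor that returns another live Python object.
        # Any object reachable this way can be walked via __class__/__init__
        # to the module globals of the code that defined it.
        return self


# Constructed attack template: walk from the accessor's return value to the
# defining module's globals and call into the os module found there.
ATTACK_TEMPLATE = (
    "{{ resource.db().__class__.__init__.__globals__['os'].getpid() }}"
)


def render_unsandboxed(template_src, resource):
    """Plain Environment: attribute access is unrestricted."""
    return Environment().from_string(template_src).render(resource=resource)


def render_sandboxed(template_src, resource):
    """SandboxedEnvironment: attributes starting with '_' are refused.

    Jinja2 reports the refusal as SecurityError (or UndefinedError further
    down the chain, depending on version); both are treated as 'blocked'.
    """
    env = SandboxedEnvironment()
    try:
        return env.from_string(template_src).render(resource=resource)
    except (SecurityError, UndefinedError) as exc:
        return "blocked: %s" % exc


def demo():
    """Render the attack template both ways and report the outcome."""
    res = Resource("demo")
    unsafe_out = render_unsandboxed(ATTACK_TEMPLATE, res)
    safe_out = render_sandboxed(ATTACK_TEMPLATE, res)
    return {
        # True when the template really executed os.getpid() in this process
        "unsandboxed_executed_os_call": unsafe_out == str(os.getpid()),
        "sandboxed_output": safe_out,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
    print("benign template under sandbox:",
          render_sandboxed("{{ resource.name }}", Resource("ok")))
```

The sandbox is a mitigation, not the fix: it limits what a template can reach, but the safer change is to stop exposing live objects with accessor methods to user-controlled templates at all, passing plain data (strings, numbers, dicts) instead.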
Advisory ROSA-SA-2023-2134
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-35603 BDU-ID: None CVE-Crit: LOW CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE component: JSSE. A...
Advisory ROSA-SA-2023-2133
Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-2161 BDU-ID: 2021-02490 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition softwa...