Security Bulletin: IBM Aspera Faspex 5.0.4 can be vulnerable to improperly unauthorized password changes
Summary: IBM Aspera Faspex could allow an unauthenticated user to change another user's credentials. The unauthenticated user can get a token that then lets them change another user's password. This issue has been resolved. Vulnerability Details: CVEID: CVE-2023-27875 DESCRIPTION: IBM Aspera Faspex...
CVE-2023-0681
Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in t...
CURL-CVE-2023-27538 SSH connection too eager reuse still
libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were...
Advisory ROSA-SA-2023-2130
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-23 CVE-ID: CVE-2022-23521 BDU-ID: 2023-00499 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to integer...
Advisory ROSA-SA-2023-2129
Software: libksba 1.3.0 OS: rosa-server79 packageevrstring: libksba-1.3.0 CVE-ID: CVE-2022-47629 BDU-ID: 2022-07478 CVE-Crit: HIGH CVE-DESC: A vulnerability in the X.509 LibKSBA certificate function-providing library is related to an integer overflow in the CRL parser. Exploitation of the...
Advisory ROSA-SA-2023-2121
Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26 CVE-ID: CVE-2022-2795 BDU-ID: 2022-06124 CVE-Crit: HIGH CVE-DESC: A vulnerability in the DNS BIND server is related to improper management of internal resources within the application when processing large delegations...
Advisory ROSA-SA-2023-2120
Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...
K000132680: systemd vulnerability CVE-2022-2526
Security Advisory Description: A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io function and dns_stream_complete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks...
Security fix for the ALT Linux 10 package postgresql15 version 15.2-alt1
15.2-alt1 built Feb. 20, 2023 Alexei Takaseev in task 314938 Feb. 8, 2023 Alexei Takaseev - 15.2 Fixes CVE-2022-41862 - Conflicts: 14-1C - 15-1C...
SUSE CVE-2017-9217
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section...
SUSE CVE-2017-9445
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...
SUSE CVE-2017-15908
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window function of the 'systemd-resolved' service and cause a DoS of the affected service...
SUSE CVE-2021-34548
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream...
SA40208 - [Pulse Secure] Single specific file content disclosure issue (CVE-2016-4788)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from a specific file. The file contents do not contain any configuration...
SA44019 - February 26 2019 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On February 26 2019, the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure...
SA43877 - 2018-08 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop 9.0R1/9.0R2
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure and Pulse Policy Secure 9.0R1 & Pulse Desktop Client 9.0R2 releases. These issues app...
SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. Many of these vulnerabilities...
Design/Logic Flaw
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...
SUSE: Security Advisory (SUSE-SU-2022:4457-1)
The remote host is missing an update for the...
PT-2023-8454
Name of the Vulnerable Software and Affected Versions: systemd-resolved (affected versions not specified). Description: The issue is related to insufficient authentication checks of messages from DNS clients in the systemd-resolved service, which manages network connections and domain name resolutions...