unpoly-rails Denial of Service vulnerability
There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact: This issue affects Rails applications that operate as an upstream of a load balancer that uses passive health checks. The unpoly-rails gem...
CVE-2023-28846
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...
CVE-2023-28846 Denial of Service in unpoly-rails
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...
PT-2023-1508 · Red Hat · Red Hat Single Sign-On
Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On for OpenShift container images (affected versions not specified). Description: A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled...
Keycloak security vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Keycloak suffers from a security vulnerability that stems from an insecure configuration of the management interface. An attacker could use thi...
PT-2023-5836 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit...
K14229426: BIG-IP SSL vulnerability CVE-2022-29491
Security Advisory Description: When a virtual server is configured with HTTP/TCP on one side (client or server) and DTLS on the other (server or client), undisclosed requests can cause the TMM process to terminate. (CVE-2022-29491) Impact: Traffic is disrupted while the TMM process restarts. This vulnerabili...
CVE-2023-23781
A stack-based buffer overflow vulnerability (CWE-121) in the SAML server configuration of FortiWeb version 7.0.1 and below, 6.4 all versions, and version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...
CVE-2023-23781
CVE-2023-23781 — FortiWeb stack-based buffer overflow in FortiWeb SAML server configuration. Affected are FortiWeb 7.0.1 and below, FortiWeb 6.4 all versions, and FortiWeb 6.3.19 and below. The vulnerability (CWE-121) can allow an authenticated attacker to achieve arbitrary code execution by proc...
SUSE CVE-2013-4394
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...
SUSE CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2023-25171
Kiwi TCMS before version 12.0 does not implement rate limiting, enabling potential denial-of-service on the Password reset page by flooding with emails and straining SMTP resources. The issue is mitigated by upgrading to v12.0 or later. Workarounds include deploying a rate-limiting proxy in front...
GHSA-4JRM-C32X-W4JF convict vulnerable to Prototype Pollution
Impact: An attacker can inject attributes that are used in other components. An attacker can override existing attributes with ones that have an incompatible type, which may lead to a crash. The main use case of Convict is for handling server-side configurations written by the admins owning the server...
Transmission for YunoHost path traversal vulnerability
Transmission for YunoHost is a YunoHost transmission package from the individual developers of YunoHost-Apps. A path traversal vulnerability exists in the YunoHost-Apps Transmission for YunoHost, which originates from an unknown function in the file conf/nginx.conf that is manipulated to cause pa...
reject_remote_clients Configuration corruption
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients to false. This drops any intended explicit configuration for reject_remote_clients that may have been set to true previously. The default setting of reject_remote_clients is normally true, meani...
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share, has it synced locally or the virtual filesystem enabled, and clicked a nc://open/ link, it will open the default editor for the file...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption, but there are two ways to obtain a keyfile: (1) keybackup.data (License Encryption Key) or (2) Eaglesoft.Server.Configuration.data (DbEncryptKeyPrimary Encryption Key). Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
Tenda TX3 buffer error vulnerability
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01, which originates from the list parameter of /goform/SetVirtualServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...
Tenda TX3 buffer error vulnerability
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01, which originates from the startIp parameter of /goform/SetPptpServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...
PT-2022-26710 · Tenda · Tenda Tx3
Name of the Vulnerable Software and Affected Versions: Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01. Description: A stack overflow issue was discovered via the endIp parameter at the "/goform/SetPptpServerCfg" API endpoint. Recommendations: For Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01,...