Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that originates from a problem or error in the server that prevents it from processing requests or providing services properly...

CVE-2023-5617

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered...

ALSA-2024:0121 Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...

PT-2023-6993 · Siemens · Scalance M826-2 Shdsl-Router +16

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RM1224 LTE4G EU versions V8.0 RUGGEDCOM RM1224 LTE4G NAM versions V8.0 SCALANCE M804PB versions V8.0 SCALANCE M812-1 ADSL-Router versions V8.0 SCALANCE M816-1 ADSL-Router versions V8.0 SCALANCE M826-2 SHDSL-Router versions V8.0...

Tenda RX9 Pro Security Vulnerability

Tenda RX9 Pro is a wireless router from Tenda China. A security vulnerability exists in Tenda RX9 Pro Firmware version V22.03.02.20, which stems from a lack of error handling in the HTTP server component. An attacker can exploit the vulnerability to arbitrarily lock the device...

Event ID: 28 "Could not contact any Federated Authentication Servers"

Users are unable to launch Citrix sessions from a FAS enabled store and observe the error - 'Cannot start desktop '. On the StoreFront servers, we observe Event ID: 28 stating - 'Failed to launch the resource 'XXXXXX' using the Citrix XML Service at address '??'. It was not possible to select a...

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

grafana-pcp security update

3.2.0-3 - resolve CVE-2022-27664 grafana-pcp: golang: net/http: handle server errors after sending GOAWAY...

Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

ALSA-2023:2785 Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 For...

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

Moderate: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...

SUSE CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...

SUSE CVE-2021-21416

django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters...

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

When curl is used to retrieve and parse cookies from a HTTP(S) server itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

...

openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:3325-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...