
5093 matches found

BDU FSTEC
added 2023/10/13 12:0 a.m. | 3 views

Vulnerability in the gevent.pywsgi WSGI server library of Python's Gevent module allows attackers to affect the integrity, availability, and confidentiality of protected information.

The vulnerability of the WSGI-server gevent.pywsgi library from Python’s Gevent is related to insufficient validation of executed requests. Exploiting this vulnerability could allow a malicious actor to influence the integrity, availability, and confidentiality of the protected information...

CVSS 10 | AI score 7.7 | EPSS 0.01334
Exploits 1 | References 7 | Affected Software 6

CNNVD
added 2023/10/12 12:0 a.m. | 3 views

Juniper Networks Junos OS Evolved Security Vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. A security vulnerability exists in Juniper Networks Junos OS Evolved, arising from improper restriction of a communication channel to intended endpoints in the NetworkStack agent daemon...

CVSS 5.4 | AI score 6.8 | EPSS 0.00397
Exploits 0 | References 4

Prion
added 2023/10/04 3:15 p.m. | 27 views

Code injection

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...

CVSS 4.3 | AI score 7.4 | EPSS 0.00239
Exploits 0 | References 4 | Affected Software 1

RedhatCVE
added 2023/09/29 6:26 p.m. | 41 views

CVE-2023-40451

A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...

CVSS 8.8 | AI score 8.6 | EPSS 0.00964
Exploits 0 | References 4

RedhatCVE
added 2023/09/28 11:54 a.m. | 49 views

CVE-2023-43646

A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to regular expression denial of service (ReDoS) attacks, affecting system availability...

CVSS 7.5 | AI score 6.8 | EPSS 0.01114
Exploits 1 | References 5

Tenable Nessus
added 2023/09/27 12:0 a.m. | 17 views

Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-007)

The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-007 advisory. 2024-01-19: CVE-2022-48566 was added to this advisory. A flaw was found in python. In algorithms with quadratic...

CVSS 7.5 | AI score 6.9 | EPSS 0.03072
Exploits 1 | References 6

Tenable Nessus
added 2023/09/27 12:0 a.m. | 18 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-003)

The version of postgresql installed on the remote host is prior to 11.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL11-2023-003 advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let...

CVSS 8.8 | AI score 7.4 | EPSS 0.02046
Exploits 0 | References 6

Tenable Nessus
added 2023/09/27 12:0 a.m. | 25 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2023-004)

The version of postgresql installed on the remote host is prior to 12.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-004 advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let...

CVSS 8.8 | AI score 7.1 | EPSS 0.02046
Exploits 2 | References 10

Tenable Nessus
added 2023/09/27 12:0 a.m. | 23 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-003)

The version of postgresql installed on the remote host is prior to 13.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2023-003 advisory. A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let...

CVSS 8.8 | AI score 7.4 | EPSS 0.02046
Exploits 0 | References 8

CVE
added 2023/09/26 1:19 a.m. | 50 views

CVE-2023-41309

CVE-2023-41309 affects Huawei/HarmonyOS, with a privilege-control flaw in the MediaPlaybackController module that can impact availability. The CN/ENVID sources (CNNVD, RH, NVD, CVE list) identify HarmonyOS as affected; specific affected versions per CNNVD include 4.0.0, 3.1.0, 3.0.0, 2.0.1 and 2....

CVSS 7.5 | AI score 7.5 | EPSS 0.00549
Exploits 0 | References 2 | Affected Software 2

NVD
added 2023/09/12 3:15 a.m. | 13 views

CVE-2023-40625

S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...

CVSS 5.4 | AI score 5.6 | EPSS 0.00305
Exploits 0 | References 2

NVD
added 2023/09/12 3:15 a.m. | 16 views

CVE-2023-40623

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

CVSS 7.1 | AI score 6.4 | EPSS 0.00373
Exploits 0 | References 2

Prion
added 2023/09/12 3:15 a.m. | 20 views

Authorization

S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...

CVSS 5.5 | AI score 5.7 | EPSS 0.00305
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2023/09/12 2:2 a.m. | 10 views

CVE-2023-40623 Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite (installer)

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

CVSS 6.2 | AI score 6.9 | EPSS 0.00373
Exploits 0 | References 2

Tenable Nessus
added 2023/09/08 12:0 a.m. | 30 views

Amazon Linux 2 : OpenEXR (ALAS-2023-2241)

The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2241 advisory. There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted...

CVSS 5.5 | AI score 6.9 | EPSS 0.01
Exploits 0 | References 4

Amazon
added 2023/09/05 12:0 a.m. | 24 views

Medium: OpenEXR

Issue Overview: There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. CVE-2021-3479 Affected...

CVSS 5.5 | AI score 5.9 | EPSS 0.01
Exploits 0

RedhatCVE
added 2023/09/02 12:21 a.m. | 42 views

CVE-2022-34038

A flaw was found in the etcd package. Affected versions of etcd allow remote attackers to cause a denial of service via the PageWriter.write function in pagewriter.go, possibly affecting system availability. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 7.5 | AI score 6.7 | EPSS 0.01314
Exploits 0 | References 5

RedhatCVE
added 2023/08/28 6:15 p.m. | 21 views

CVE-2020-18768

A heap-based buffer overflow exists in libtiff in TIFFmemcpy. This flaw allows an attacker to craft a specific TIFF file, possibly causing a denial of service that results in a loss of the system’s availability...

CVSS 5.5 | AI score 5.6 | EPSS 0.00255
Exploits 1 | References 3

RedhatCVE
added 2023/08/23 10:45 p.m. | 39 views

CVE-2022-47696

A NULL pointer vulnerability was found in binutils in the 'comparesymbols' function. This flaw allows an attacker to craft a specific payload, possibly causing a denial of service that results in a loss of the system's availability...

CVSS 7.8 | AI score 7.3 | EPSS 0.00404
Exploits 1 | References 3

RedhatCVE
added 2023/08/23 9:21 p.m. | 43 views

CVE-2022-47008

A memory leak was found in binutils in the maketempdir and maketempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...

CVSS 5.5 | AI score 5.5 | EPSS 0.00403
Exploits 1 | References 3