8234 matches found

CNNVD
added 2024/01/10 12:0 a.m., 2 views

Red Hat FreeIPA Security Vulnerability

Red Hat FreeIPA is a comprehensive security information management solution. A security vulnerability exists in Red Hat FreeIPA. An attacker could exploit the vulnerability by tricking a user into submitting a request that could be executed as the user, resulting in a loss of confidentiality and...

CVSS 6.5, AI score 8.6, EPSS 0.0057
Exploits 0, References 20

OSV
added 2024/01/09 5:15 p.m., 1 view

DEBIAN-CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 7.3, EPSS 0.02323
Exploits 0, References 1

OSV
added 2024/01/09 5:15 p.m., 5 views

AZL-42754 CVE-2023-6129 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 6.7, EPSS 0.02323
Exploits 0, References 1

OSV
added 2024/01/09 5:15 p.m., 6 views

AZL-78582 CVE-2023-6129 affecting package openssl-fips-provider 3.1.2-1

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 6.8, EPSS 0.02323
Exploits 0, References 1

OSV
added 2024/01/09 5:15 p.m., 4 views

AZL-35085 CVE-2023-6129 affecting package openssl for versions less than 3.3.0-1

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 6.8, EPSS 0.02323
Exploits 0, References 1

Prion
added 2024/01/09 5:15 p.m., 44 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 4, AI score 7.5, EPSS 0.02323
Exploits 0, References 5, Affected Software 1

OSV
added 2024/01/09 5:15 p.m., 1 view

UBUNTU-CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 6.8, EPSS 0.02323
Exploits 0, References 4

Debian CVE
added 2024/01/09 4:36 p.m., 81 views

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 7.8, EPSS 0.02323
Exploits 0

Cvelist
added 2024/01/09 4:36 p.m., 29 views

CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

AI score 7.2, EPSS 0.02323
Exploits 0, References 4

UbuntuCve
added 2024/01/09 12:0 a.m., 45 views

CVE-2023-6129

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

CVSS 6.5, AI score 6.9, EPSS 0.02323
Exploits 0, References 3

OpenVAS
added 2024/01/09 12:0 a.m., 27 views

OpenSSL Vector Register Corruption Vulnerability (20240109)

OpenSSL is prone to a vector register corruption vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openssl:openssl";...

CVSS 6.5, AI score 6.6, EPSS 0.02323
Exploits 0, References 1

FreeBSD
added 2024/01/09 12:0 a.m., 37 views

OpenSSL -- Vector register corruption on PowerPC

The OpenSSL Team reports: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions...

CVSS 6.5, AI score 7.6, EPSS 0.02323
Exploits 0, References 1

CNNVD
added 2024/01/05 12:0 a.m., 4 views

ZTE ZXCLOUD iRAI Code Issue Vulnerability

ZTE ZXCLOUD iRAI is a virtualization device from ZTE Corporation (ZTE) of China. A security vulnerability exists in ZTE ZXCLOUD iRAI. An attacker can exploit this vulnerability to place a fake DLL file in a specific directory and successfully execute malicious code...

CVSS 4.8, AI score 6.9, EPSS 0.002
Exploits 0, References 2

OSV
added 2024/01/03 9:26 p.m., 21 views

GHSA-F8MP-X433-5WPF Arbitrary remote code execution within `wrangler dev` Workers sandbox

Impact: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. `wrangler dev` would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run...

CVSS 9.3, AI score 8.3, EPSS 0.00583
Exploits 0, References 11

Github Security Blog
added 2024/01/03 9:24 p.m., 21 views

Arbitrary remote file read in Wrangler dev server

Impact: Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any...

CVSS 6.4, AI score 6.5, EPSS 0.00699
Exploits 0, References 7, Affected Software 1

IBM Security Bulletins
added 2024/01/03 11:3 a.m., 30 views

Security Bulletin: Vulnerability in Apache Tomcat affects App Connect Professional.

Summary: App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details: CVEID: CVE-2023-45648. DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted...

CVSS 5.3, AI score 6.7, EPSS 0.05848
Exploits 2, Affected Software 1

BDU FSTEC
added 2024/01/02 12:0 a.m., 3 views

The vulnerability of Mozilla browsers, related to writing beyond the buffer limit, allows attackers to execute arbitrary code.

The vulnerability of the Mozilla browser is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.00846
Exploits 0, References 8, Affected Software 4

Vulnrichment
added 2024/01/01 12:0 a.m., 7 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

AI score 9, EPSS 0.1354
Exploits 2, References 8

OSV
added 2023/12/22 5:15 a.m., 3 views

CVE-2023-7058

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The...

CVSS 9.8, AI score 5.5, EPSS 0.00734
Exploits 0, References 3

0day.today
added 2023/12/22 12:0 a.m., 427 views

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Multiple vulnerabilities were discovered in Hospital Management System. Affected CMS: Hospital Management System. Affected Version: unread...

CVSS 9.8, AI score 8.1, EPSS 0.01181
Exploits 6