
5318 matches found

CNNVD
added 2023/06/22 12:0 a.m. · 5 views

HCL Technologies BigFix OSD Encryption Issue Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. for operating system deployment. A security vulnerability exists in the HCL Technologies BigFix OSD that stems from the server using an insecure encryption algorithm...

CVSS 7.8 · AI score 7.4 · EPSS 0.00108
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/22 12:0 a.m. · 4 views

PT-2023-21474 · Unknown · Osd Bare Metal Server

Name of the Vulnerable Software and Affected Versions: OSD Bare Metal Server (affected versions not specified). Description: The issue concerns the use of a cryptographic algorithm in the OSD Bare Metal Server that is no longer considered sufficiently secure. Recommendations: At the moment, there is...

CVSS 7.8 · AI score 7.5 · EPSS 0.00108
Exploits: 0 · References: 3

RedhatCVE
added 2023/06/21 10:47 p.m. · 50 views

CVE-2023-2828

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded...

CVSS 7.5 · AI score 7.2 · EPSS 0.03776
Exploits: 0 · References: 4

OSV
added 2023/06/21 5:15 p.m. · 1 views

DEBIAN-CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 · AI score 7.8 · EPSS 0.03776
Exploits: 0 · References: 1

OSV
added 2023/06/21 5:15 p.m. · 47 views

CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 · AI score 7.1 · EPSS 0.03776
Exploits: 0 · References: 7

NVD
added 2023/06/21 5:15 p.m. · 28 views

CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 · AI score 7.8 · EPSS 0.03776
Exploits: 0 · References: 7

Prion
added 2023/06/21 5:15 p.m. · 113 views

Design/Logic Flaw

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 5 · AI score 7.6 · EPSS 0.03776
Exploits: 0 · References: 7 · Affected Software: 3

Debian CVE
added 2023/06/21 4:26 p.m. · 126 views

CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 · AI score 7.4 · EPSS 0.03776
Exploits: 0

CVE
added 2023/06/21 4:26 p.m. · 610 views

CVE-2023-2828

CVE-2023-2828 concerns the BIND 9 DNS server’s named component. The vulnerability stems from the cache-cleaning logic: when the resolver is queried for specific RRsets in a certain order, the configured max-cache-size can be exceeded, potentially causing memory exhaustion. Affected are multiple B...

CVSS 7.5 · AI score 8 · EPSS 0.03776
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2023/06/21 4:26 p.m. · 18 views

CVE-2023-2828 named's configured cache size limit can be significantly exceeded

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 · AI score 6.7 · EPSS 0.03776
Exploits: 0 · References: 7

Tenable Nessus
added 2023/06/21 12:0 a.m. · 42 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Bind vulnerabilities (USN-6183-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6183-1 advisory. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A...

CVSS 7.5 · AI score 7.5 · EPSS 0.03776
Exploits: 0 · References: 3

Prion
added 2023/06/19 4:15 p.m. · 15 views

Code injection

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

CVSS 2.1 · AI score 4.1 · EPSS 0.00359
Exploits: 0 · References: 4 · Affected Software: 1

OpenVAS
added 2023/06/19 12:0 a.m. · 27 views

Synology Router Manager (SRM) 1.2.x Multiple Vulnerabilities (Synology-SA-20:14)

Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 10 · AI score 6.8 · EPSS 0.04625
Exploits: 7 · References: 1

Tenable Nessus
added 2023/06/15 12:0 a.m. · 30 views

RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

CVSS 7.5 · AI score 6.8 · EPSS 0.03949
Exploits: 1 · References: 136

NVD
added 2023/06/13 9:15 a.m. · 20 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 7.5 · AI score 6.6 · EPSS 0.00359
Exploits: 0 · References: 1

Prion
added 2023/06/13 9:15 a.m. · 22 views

Design/Logic Flaw

A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 5 · AI score 7.5 · EPSS 0.00359
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/06/13 8:41 a.m. · 50 views

CVE-2022-43949

CVE-2022-43949 affects Fortinet FortiSIEM prior to 6.7.1, where the use of a broken or risky cryptographic algorithm (CWE-327) enables a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by exploiting outdated hashing methods. The issue is documented across multiple ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00359
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/06/13 8:41 a.m. · 24 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 6.2 · AI score 7.7 · EPSS 0.00359
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/13 8:41 a.m. · 17 views

CVE-2022-43949

A use of a broken or risky cryptographic algorithm (CWE-327) in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods...

CVSS 6.2 · AI score 7 · EPSS 0.00359
Exploits: 0 · References: 1

Tenable Nessus
added 2023/06/13 12:0 a.m. · 22 views

EulerOS Virtualization 3.0.6.0 : binutils (EulerOS-SA-2023-2207)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Assertion fail in the display_debug_names function in binutils/dwarf.c may lead to program crash and denial of service. CVE-2022-381...

CVSS 8.3 · AI score 7 · EPSS 0.12205
Exploits: 4 · References: 3