SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Insufficient Session Expiration Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 4.1.102 Summary: The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username SQL Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x username Authentication Bypass Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voi...

Apache Text4Shell and others update for Teradici Cloud Access Connector

HP has provided updated versions of Teradici Cloud Access Connector that remediate vulnerabilities found in Apache Commons Text Text4Shell prior to 1.10.0, Apache Commons BCEL prior to 6.6.0, Apache Commons Configuration prior to 2.7, and ESAPI The OWASP Enterprise Security API prior to 2.3.0.0...

CVE-2022-23527

modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidcvalidateredirecturl does not properly check fo...

CVE-2022-23527

CVE-2022-23527 affects mod_auth_openidc for Apache 2.x. Versions prior to 2.4.12.2 are vulnerable to an Open Redirect caused by improper validation in oidc_validate_redirect_url() for logout redirect URIs that may start with a tab (\t). The issue can be mitigated by upgrading to 2.4.12.2; if upgr...

CVE-2022-23527

modauthopenidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidcvalidateredirecturl does not properly check fo...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (restorefactory.cgi) Unauthenticated Factory Reset

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (password) Authentication Bypass

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (Index of /log) Information Disclosure

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Stored Cross-Site Scripting

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (traceroute.php) Conditional Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Unauthenticated Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (services) Authenticated Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

Nagios Core CSRF Vulnerability

Nagios Core is prone to a cross-site request forgery CSRF vulnerability, if the Apache Webserver configuration has not been changed to include SSL protection. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

Improper Control of Generation of Code ('Code Injection')

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

CVE-2022-23470

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...

Design/Logic Flaw

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...