661 matches found
Fedora: Security Advisory for cups-filters (FEDORA-2023-6ca587ac4c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
PT-2023-21856 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to 6.2 Description: Zulip is an open-source team collaboration tool with unique topic-based threading. An attacker can create a new account in the organization with an arbitrary email address in their control that's not i...
USN-6063-1: Ceph vulnerabilities
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-3979 It was discovered that Ceph incorrectly handled the volumes...
Fedora: Security Advisory for rubygem-activejob (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: rubygem-activejob-7.0.4.3-1.fc37
Declare job classes that can be run by a variety of queueing backends...
[SECURITY] Fedora 38 Update: rubygem-activejob-7.0.4.3-1.fc38
Declare job classes that can be run by a variety of queueing backends...
DEBIAN-CVE-2023-0836
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...
CVE-2023-0836
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...
SUSE SLED15: ceph / ceph-base / ceph-common / ceph-fuse / etc (SUSE-SU-2023:1581-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1581-1 advisory. Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file...
UBUNTU-CVE-2023-0836
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...
AZL-38998 CVE-2022-3854 affecting package ceph for versions less than 18.2.1-1
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...
AZL-39496 CVE-2022-3854 affecting package ceph for versions less than 16.2.10-3
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...
UBUNTU-CVE-2022-3854
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...
CVE-2022-3854
CVE-2022-3854: Ceph vulnerability in RGW URL processing allows an attacker to crash RGW by sending a null URL, causing DoS. Multiple connected docs corroborate the issue across Ceph deployments (RGW backend URL handling). Remediation is to upgrade Ceph to versions containing the fix (per SUSE RHC...
CVE-2022-3854
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...
SUSE CVE-2004-0494
Multiple extfs backend scripts for GNOME virtual file system VFS before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...
SUSE CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...
SUSE CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service session store consumption via multiple requests with unique session keys...
SUSE CVE-2017-6318
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANENETCONTROLOPTION packet...