Lucene search

7647 matches found

Fedora
added 2023/09/24 3:9 a.m., 13 views

[SECURITY] Fedora 38 Update: roundcubemail-1.6.3-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7 AI score
Exploits 0
Fedora
added 2023/09/24 12:17 a.m., 12 views

[SECURITY] Fedora 39 Update: roundcubemail-1.6.3-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7 AI score
Exploits 0
Huntr
added 2023/09/22 5:2 a.m., 16 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure

Description: Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

1.7 CVSS, 7 AI score, 0.00261 EPSS
Exploits 1, References 1
CNNVD
added 2023/09/20 12:0 a.m., 5 views

Jenkins Plugin Build Failure Analyzer Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS, 6.7 AI score, 0.00504 EPSS
Exploits 0, References 4
Debian CVE
added 2023/09/20 12:0 a.m., 50 views

CVE-2023-42464

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in...

9.8 CVSS, 6.9 AI score, 0.01793 EPSS
Exploits 0
Redos
added 2023/09/19 12:0 a.m., 37 views

ROS-20230918-04

A vulnerability in the Poppler PDF rendering library is related to the lack of thread checking before saving the embedded main function file in pdfunite.cc. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Poppler PDF...

6.5 CVSS, 6.2 AI score, 0.00959 EPSS
Exploits 4
Cvelist
added 2023/09/18 7:56 p.m., 14 views

CVE-2023-41084 Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device...

10 CVSS, 9.6 AI score, 0.00579 EPSS
Exploits 0, References 1
OSV
added 2023/09/13 3:15 p.m., 30 views

CVE-2023-39915

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...

7.5 CVSS, 7.4 AI score, 0.00515 EPSS
Exploits 0, References 1
Prion
added 2023/09/13 3:15 p.m., 25 views

Input validation

NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...

5 CVSS, 7.4 AI score, 0.00592 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2023/09/13 2:20 p.m., 19 views

CVE-2023-39915 Crashes on parsing certain invalid RPKI objects

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...

7.5 CVSS, 6.6 AI score, 0.00515 EPSS
Exploits 0, References 1
CVE
added 2023/09/13 2:20 p.m., 46 views

CVE-2023-39915

The CVE-2023-39915 entry concerns NLnet Labs’ Routinator up to version 0.12.1, which may crash when parsing certain malformed RPKI objects. Root cause is insufficient input checking in the bcder library (the same underlying issue as CVE-2023-39914). Impact, per the citations, is availability inte...

7.5 CVSS, 7.5 AI score, 0.00515 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2023/09/13 12:0 p.m., 14 views

RUSTSEC-2023-0062 BER/CER/DER decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...

7.5 CVSS, 7.3 AI score, 0.00592 EPSS
Exploits 0, References 4
CNNVD
added 2023/09/13 12:0 a.m., 4 views

Proofpoint Insider Threat Management Code Issue Vulnerability

Proofpoint Insider Threat Management (Proofpoint ITM) is an insider threat management system from Proofpoint, USA. A code issue vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from improper checking of anomalies and allows an attacker to change t...

6.4 CVSS, 7 AI score, 0.00298 EPSS
Exploits 0, References 4
Positive Technologies
added 2023/09/13 12:0 a.m., 4 views

PT-2023-27150 · Unknown +1 · Routinator +1

Name of the Vulnerable Software and Affected Versions: Routinator versions up to and including 0.12.1. Description: The issue is caused by insufficient input checking in the bcder library, which may lead to a crash when trying to parse certain malformed RPKI objects. Recommendations: For versions ...

7.5 CVSS, 6.5 AI score, 0.00515 EPSS
Exploits 0, References 6
BDU FSTEC
added 2023/09/13 12:0 a.m., 4 views

The vulnerability of the Crucible code-checking tool and the Fisheye code-searching tool arises from improper cleaning or releasing of resources, allowing a violator to trigger a service failure.

The vulnerability of the Crucible code-checking tool and the Fisheye code-searching tool is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8 CVSS, 7.2 AI score, 0.01212 EPSS
Exploits 0, References 5, Affected Software 2
UbuntuCve
added 2023/09/12 8:15 p.m., 112 views

CVE-2023-4921

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue due to the incorrect .peek handler of...

7.8 CVSS, 6.7 AI score, 0.00396 EPSS
Exploits 1, References 26
BDU FSTEC
added 2023/09/12 12:0 a.m., 6 views

The vulnerability of the Crucible code-checking tool, as well as the Fisheye tool for code search and comparison, relates to the disclosure of protected information, allowing attackers to expose such protected information.

The vulnerability of the Crucible code-checking tool and the Fisheye code-searching tool is related to the disclosure of protected information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...

4.3 CVSS, 5.5 AI score, 0.00868 EPSS
Exploits 0, References 2, Affected Software 2
RedhatCVE
added 2023/09/07 7:42 p.m., 31 views

CVE-2023-40584

A flaw was found in ArgoCD, where it failed to properly validate the user-controlled tar.gz file uploaded to the repo-server component. As a result, a maliciously crafted tar.gz file sent by a low-privileged user may result in resource starvation and further denial of service of the ArgoCD server...

6.5 CVSS, 6.6 AI score, 0.01176 EPSS
Exploits 0, References 4
Veracode
added 2023/09/07 7:21 a.m., 22 views

Heap Buffer Overflow

gpac is vulnerable to a heap buffer overflow. The vulnerability occurs due to a lack of bounds checking to ensure that the assigned value does not exceed the allocated size of the offsettable array, which leads to Denial of Service...

5.5 CVSS, 6.9 AI score, 0.00267 EPSS
Exploits 1, References 3, Affected Software 1
Tenable Nessus
added 2023/09/07 12:0 a.m., 26 views

Oracle Linux 7 : ovmf (ELSA-2019-2125)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2125 advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing atta...

9.8 CVSS, 7.2 AI score, 0.03418 EPSS
Exploits 4, References 11