Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.25 security update
Red Hat OpenShift Container Platform release 4.11.25 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic...
CVE-2023-20008
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacke...
This Week in Spring - January 17th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week I'm in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, I'll be in New York to join a viewing party for the airing of SpringOne...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.7.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.7.0-RC1) +10 more potentially affected by CVE-2022-23532 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.5.0.7)
org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.8.0, =1.10.0 - org.jqassistant.contrib.plugin:jqassistant-plantuml-rule-plugin =1.7.0 Source cves: CVE-2022-23532 Source advisory: OSV:GHSA-5V8V-GWMW-QW97...
CVE-2023-22400
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command...
Design/Logic Flaw
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command...
CVE-2023-22400 Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command...
CVE-2023-22400
CVE-2023-22400 affects Juniper Networks Junos OS Evolved (evo-pfemand) and can cause an FPC crash/DoS due to a GUID leak triggered by specific SNMP GETs or CLI commands. Affected families include all versions before 20.4R3-S3-EVO; 21.1-EVO (21.1R1-EVO and later); all versions before 21.2R3-S4-EVO...
USN-5798-1: .NET 6 vulnerability
Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint...
This Week in Spring - January 9th, 2023
Hi, Spring fans! As I write this I'm on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. It's going to be cold there. Wish me luck! Do you know what always warms me up? The thrill of learning. And this week's no different. This week we've got some good stuff lined up so...
PT-2023-2585 · Zyxel · Zyxel Nbg-418N
Name of the Vulnerable Software and Affected Versions: Zyxel NBG-418N v2 versions prior to V1.00(AARP.14)C0. Description: A buffer overflow vulnerability could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI...
Cisco Content Security Management Appliance Information Disclosure (cisco-sa-esa-sma-log-YxQ6g2kG)
According to its self-reported version, the host is affected by a vulnerability in the CLI of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) that could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to...
A vulnerability in the centralized device management software of Fortinet FortiManager and the FortiAnalyzer network switch allows an attacker to execute arbitrary commands. It arises because special elements used in operating system commands are not neutralized.
The vulnerability of the software for centralized device management of Fortinet’s FortiManager and FortiAnalyzer devices exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execut...
@pzlr/build-core (>=2.14.0 <=2.15.1-beta.1), @v4fire/cli (>=1.3.0 <=2.1.0) +3 more potentially affected by CVE-2023-26113 via collection.js (=6.7.11)
collection.js NPM version =6.7.11 is affected by a known vulnerability. The following packages have a transitive dependency on collection.js and may be impacted: - @pzlr/build-core =2.14.0, =1.3.0, =2.0.0-beta.1, =2.0.0-beta.1, =3.75.0 Source cves: CVE-2023-26113 Source advisory:...
CVE-2021-38561 vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid, vt-cli, hey, gitleaks, dynamic-localpv-provisioner, k3d...
CVE-2021-38561 vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid-fips, vt-cli, k3d, hey, dynamic-localpv-provisioner, dynamic-localpv-provisioner-fips, terraform-provider-sendgrid, gitleaks...
PYSEC-2022-43017
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to wheel cli...
CVE-2022-40898
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to wheel cli...
SUSE-SU-2022:4603-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337)...