[SECURITY] Fedora 38 Update: libqb-2.0.8-1.fc38

A "Quite Boring" library that provides high-performance, reusable features fo r client-server architecture, such as logging, tracing, inter-process communication IPC, and polling...

Arbitrary Code Execution

com.aerospike:aerospike-client is vulnerable to Arbitrary Code Execution. The vulnerability is due untrusted deserialization during client side message validation, which allows for an attacker to trick a client into connecting to a malicious server, which will then execute arbitrary code when the...

Debian dla-3458 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3458 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3458-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...

Design/Logic Flaw

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

freerdp: clients using `/parallel` command line switch might read uninitialized data

A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

CVE-2023-29529 matrix-js-sdk vulnerable to invisible eavesdropping in group calls

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

[SECURITY] Fedora 36 Update: amanda-3.5.3-1.fc36

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to one or more tape drives or disk files. AMANDA uses native dump and/or GNU tar facilities and can back up a...

The vulnerability of the client-server application for managing power supply sources in RCCMD, related to the use of pre-installed credentials, allows a perpetrator to execute arbitrary code or gain full control over the application.

The vulnerability of the client-server application for managing power supply sources in RCCMD is related to the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain full control over the application...

CVE-2022-3192

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6...

Input validation

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6...

CVE-2022-3192 Improper Check for Unusual or Exceptional Conditions

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6...

CVE-2022-3192 Improper Check for Unusual or Exceptional Conditions

Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6...

Design/Logic Flaw

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVE-2023-28427

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...