Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that originates from a valid post-life cycle...

Use After Free

libassimp.so is vulnerable to Use After Free. The vulnerability is caused by a defect in a function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp which can lead to application crash resulting in Denial Of Service DOS...

Weak Authentication

org.eclipse.jetty, jetty-openid is vulnerable to Weak Authentication. The vulnerability is caused by a logical programming defect in the validateRequest function in the OpenIdAuthenticator.java class which allows current requests to still proceed even when LoginService does return that the...

Important: kernel-livepatch-5.10.179-168.710

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

CVE-2023-30952

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0...

CVE-2023-30958

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

Design/Logic Flaw

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30952 Foundry Issues reporterPath phishing by parameter injection

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0...

CVE-2023-30952

Foundry Issues (Palantir) contains a vulnerability where attackers could craft phishing links by modifying the request payload during Issue creation. The flaw affects the Foundry Issues frontend and was fixed in Frontend release 6.228.0. The CVE describes a parameter-injection style issue enablin...

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

CVE-2023-30958

CVE-2023-30958: Foundry Frontend is affected by a DOM-based XSS vulnerability in the Developer mode dashboard (via redirect GET parameter) that could occur if CSP is bypassed. Root cause involves DOM XSS conditions when CSP protections are bypassed. The issue is resolved in Foundry Frontend 6.225...

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0...

PT-2023-23086 · Foundry · Foundry Frontend

Name of the Vulnerable Software and Affected Versions: Foundry Frontend versions prior to 6.225.0 Description: A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's Content Security Policy CSP were to be bypassed...

CVE-2023-30956

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...

CVE-2023-30960

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

Code injection

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...

Cross site scripting

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...

Design/Logic Flaw

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-22835

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...

CVE-2023-22835

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Found...