572 matches found
PT-2023-15828 · Unknown · Secure Os Module
Name of the Vulnerable Software and Affected Versions: Secure OS module (affected versions not specified). Description: The issue is related to configuration defects in the secure OS module. Successful exploitation of this defect will affect availability. Recommendations: At the moment, there is no...
CVE-2023-30948
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its conten...
Authorization
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its conten...
CVE-2023-30948 Retrieval of Attachments to Comments lacks Authorization
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover its conten...
CVE-2023-30948
Foundry Comments contains a vulnerability where attachments to comments were not gated by authorization checks, allowing an authenticated user to inject a known attachment UUID into other comments to view its content. Affected products: Foundry Comments versions prior to 2.249.0. Root cause: miss...
freeradius:3.0 security update
3.0.20-14 - Fix defect found by Covscan. Resolves: 2151704. 3.0.20-13 - Fix multiple CVEs - Add rpminspect configuration. Resolves: 2151702, 2151704, 2151706...
freeradius security and bug fix update
3.0.21-37 - Fix defect found by covscan. Resolves: 2151705. 3.0.21-36 - Fix multiple CVEs. Resolves: 2151705, 2151703, 2151707. 3.0.21-35 - Rebuild to add subpackages to CRB report. Resolves: 2126380...
SUSE-SU-2023:1850-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). -...
SUSE-SU-2023:1823-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). -...
The vulnerability in the built-in screenshot editor of Android operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the built-in screenshot editor in Android operating systems is related to an incorrect file saving procedure after editing and replacing the original file. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected...
MantisBT Security Vulnerability
MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in a web-operable format. A security vulnerability exists in Mantis Bug Tracker MantisBT versions prior to 2.25.6, which stems from inadequate acce...
SUSE CVE-2008-5903
Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member...
SUSE CVE-2009-1298
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly...
SUSE CVE-2017-3226
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypte...
SUSE CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short...
SUSE CVE-2017-5845
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag...
SUSE CVE-2018-18088
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c...
SUSE CVE-2019-8906
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused...
SUSE CVE-2020-27758
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...