1554 matches found

IBM Security Bulletins
added 2024/02/06 12:56 p.m. · 33 views

Security Bulletin: IBM Asset Data Dictionary Component uses logback-classic-1.3.0-alpha16.jar which is vulnerable to CVE-2023-6378

Summary: IBM Asset Data Dictionary Component uses logback-classic-1.3.0-alpha16.jar which is vulnerable to CVE-2023-6378. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-6378. DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a...

7.5 CVSS · 7 AI score · 0.009 EPSS
Exploits 0 · Affected Software 1
Fedora
added 2024/02/01 1:25 a.m. · 27 views

[SECURITY] Fedora 38 Update: python-templated-dictionary-1.4-1.fc38

Dictionary where getitem is run through Jinja2 template...

9.8 CVSS · 7.3 AI score · 0.01552 EPSS
Exploits 1
Tenable Nessus
added 2024/02/01 12:0 a.m. · 14 views

Fedora 38 : python-templated-dictionary (2024-4bd03c989b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bd03c989b advisory. Fixing CVE-2023-6395. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

9.8 CVSS · 7.6 AI score · 0.01552 EPSS
Exploits 1 · References 2
OpenVAS
added 2024/01/31 12:0 a.m. · 16 views

Fedora: Security Advisory (FEDORA-2024-f69989e7dd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8.1 AI score · 0.01552 EPSS
Exploits 1 · References 3
NVD
added 2024/01/30 1:15 p.m. · 14 views

CVE-2024-0676

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...

7.1 CVSS · 6 AI score · 0.00125 EPSS
Exploits 0 · References 1
OSV
added 2024/01/30 1:15 p.m. · 3 views

CVE-2024-0676

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...

7.1 CVSS · 7.1 AI score
Exploits 0 · References 1
Prion
added 2024/01/30 1:15 p.m. · 13 views

Design/Logic Flaw

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...

3.2 CVSS · 6.9 AI score · 0.00125 EPSS
Exploits 0 · References 1 · Affected Software 2
Vulnrichment
added 2024/01/30 12:40 p.m. · 12 views

CVE-2024-0676 Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...

5.6 CVSS · 6.6 AI score · 0.00125 EPSS
Exploits 0 · References 1
Cvelist
added 2024/01/30 12:40 p.m. · 26 views

CVE-2024-0676 Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...

5.6 CVSS · 7 AI score · 0.00125 EPSS
Exploits 0 · References 1
Fedora
added 2024/01/30 4:22 a.m. · 23 views

[SECURITY] Fedora 39 Update: python-templated-dictionary-1.4-1.fc39

Dictionary where getitem is run through Jinja2 template...

9.8 CVSS · 7.3 AI score · 0.01552 EPSS
Exploits 1
Tenable Nessus
added 2024/01/30 12:0 a.m. · 21 views

Fedora 39 : python-templated-dictionary (2024-f69989e7dd)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f69989e7dd advisory. Fixing CVE-2023-6395. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

9.8 CVSS · 7.6 AI score · 0.01552 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/01/30 12:0 a.m. · 6 views

PT-2024-15740 · Lamassu · Lamassu Bitcoin Atm Douro

Name of the Vulnerable Software and Affected Versions: Lamassu Bitcoin ATM Douro version 7.1 Description: The issue allows a local user to interact with the machine, retrieve stored hashes, and crack long 4-character passwords using a dictionary attack. This is due to a weak password requirement...

7.1 CVSS · 6.8 AI score · 0.00125 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/01/25 8:35 a.m. · 3 views

libxml2: dict corruption caused by entity reference cycles

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...

7.8 CVSS · 6.6 AI score · 0.06782 EPSS
Exploits 0 · References 4
OSV
added 2024/01/24 3:30 p.m. · 24 views

GHSA-MG2X-MGGJ-6955 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5 CVSS · 6.2 AI score · 0.00381 EPSS
Exploits 0 · References 7
Cvelist
added 2024/01/24 12:56 p.m. · 34 views

CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5 AI score · 0.00381 EPSS
Exploits 0 · References 5
Openbugbounty
added 2024/01/23 9:4 p.m. · 7 views

egyptianarabicdictionary.org Cross Site Scripting vulnerability OBB-3842024

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
NVD
added 2024/01/23 6:15 p.m. · 30 views

CVE-2024-22204

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS · 5.3 AI score · 0.00751 EPSS
Exploits 1 · References 6
OSV
added 2024/01/23 6:15 p.m. · 38 views

PYSEC-2024-23

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

5.3 CVSS · 7.2 AI score · 0.00751 EPSS
Exploits 1 · References 8
GithubExploit
added 2024/01/19 12:15 a.m. · 831 views

Exploit for SQL Injection in Djangoproject Django

CVE-2022-28346 A flaw was found in the Django package, which l...

9.8 CVSS · 7.4 AI score · 0.18398 EPSS
Exploits 3
IBM Security Bulletins
added 2024/01/18 12:9 p.m. · 47 views

Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462

Summary: IBM Asset Data Dictionary Component uses netty-codec-http2-4.1.94, netty-handler-4.1.86 and netty-handler-4.1.92 which is vulnerable to CVE-2023-44487 and CVE-2023-34462. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5 CVSS · 7.9 AI score · 0.99999 EPSS
Exploits 20 · Affected Software 1