4420 matches found
com.infomaximum:network (>=1.1.3p8 <=1.1.3p10), com.infomaximum:platform (>=0.1.6p17 <=0.1.13p1) +11 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=11.0.10 <=11.0.15)
org.eclipse.jetty.http3:http3-qpack MAVEN version =11.0.10, =1.1.3p8, =0.1.6p17, =0.2.0, =0.2.0, =0.2.0, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.15 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...
org.eclipse.jetty.documentation:jetty-documentation (>=10.0.10 <=10.0.15), org.eclipse.jetty.http3:http3-client (>=10.0.10 <=10.0.15) +6 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=10.0.10 <=10.0.15)
org.eclipse.jetty.http3:http3-qpack MAVEN version =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =5.26.1, =5.27.0 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....
GHSA-622H-H2P8-743X JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart 2.6.3+....
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Amulet Security Advisory for CometBFT: ASA-2023-002 Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be large for common use cases, and may affect block times and...
Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS, and web assembly to manage file transfers. Key Links Download here See the user documentation to get...
CVE-2023-3920
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the...
GitLab 11.2 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3920)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to loss of confidentiality
Summary The Bouncy Castle Crypto Package For Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package For Java...
PT-2023-26833 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.2 through 16.2.8 GitLab versions 16.3 through 16.3.5 GitLab versions 16.4 through 16.4.1 Description: An issue has been discovered in GitLab where a maintainer could create a fork relationship between existing projects...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)
The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-005 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux,...
musikfest-goslar.de Cross Site Scripting vulnerability OBB-3707234
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...
Arbitrary Code Execution
Apache airflow hdfs provider package is found to be vulnerable to code execution. Incorrect documentation points users to install an incorrect pip package. Since this package is unverified, an attacker can claim this package and provide code that would be executed when this package was installed...
Paketo Buildpacks Bionic End Of Support
The Spring Boot plugins for Maven and Gradle provide the ability to build Docker images using Cloud Native Buildpacks. By default, Spring Boot uses the CNB builders provided by the Paketo Buildpacks project. What's Changed The Paketo Buildpacks project has announced that Ubuntu 18.04 Bionic-based...
CVE-2023-43635 Vault Key Sealed With SHA1 PCRs
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...
Exploit for PHP External Variable Modification in Juniper Junos
Vulnerability Scanner for Juniper CVE-2023-36845 This vulnera...
[SECURITY] Fedora 37 Update: flac-1.3.4-3.fc37
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
Fedora: Security Advisory for python3-docs (FEDORA-2023-aeb32a843f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...