484 matches found

F5 Networks
added 2023/02/21 6:35 p.m., 65 views

K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700

Security Advisory Description: BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...

CVSS 9.8 | AI score 9.5 | EPSS 0.05614
Exploits: 0 | Affected Software: 8
SUSE CVE
added 2023/02/15 4:7 a.m., 1 view

SUSE CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

CVSS 7.5 | AI score 9.3 | EPSS 0.02221
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:33 a.m., 1 view

SUSE CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

CVSS 8.8 | AI score 6.8 | EPSS 0.00067
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 3:26 a.m., 2 views

SUSE CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

CVSS 7.5 | AI score 9.4 | EPSS 0.00422
Exploits: 0 | References: 29
CVE
added 2023/02/09 12:0 a.m., 48 views

CVE-2023-21429

Vulnerable component: Samsung ePDG. Issue stems from improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1, enabling an attacker to access the SSID. Impact is limited to local access (per CVSS) with low confidentiality impact as described in the sources. Remediation: apply Sam...

CVSS 4 | AI score 4.1 | EPSS 0.00062
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/01/26 9:18 p.m., 1 view

UBUNTU-CVE-2023-23613

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...

CVSS 6.5 | AI score 7.2 | EPSS 0.00354
Exploits: 0 | References: 3
F5 Networks
added 2023/01/04 6:25 p.m., 51 views

K53244431: SSL Intercept iApp HTTP Explicit Proxy vulnerability CVE-2017-0305

SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus...

CVSS 9.8 | AI score 9.5 | EPSS 0.02895
Exploits: 0 | Affected Software: 1
Qualys Blog
added 2022/09/28 6:43 p.m., 27 views

Optimizing a Web Application Security Scan for bWAPP

Today almost all organizations have an online presence, with more information accessible at the click of a mouse, making customer experiences much more frictionless. Yet the delivery of great experiences also opens the door to potential hackers intent on compromising the website and its APIs...

AI score 7.9
Exploits: 0
ATTACKERKB
added 2022/09/23 12:0 a.m., 2 views

CVE-2022-1841

In subsys/net/ip/tcp.c, function tcpflags, when the incoming parameter flags is ECN or CWR, the buf will out-of-bounds write a byte zero...

CVSS 7.2 | AI score 6 | EPSS 0.00244
Exploits: 0 | References: 2
OSV
added 2022/09/16 10:11 p.m., 0 views

GHSA-Q5JV-M6QW-5G37 TensorFlow vulnerable to floating point exception in `Conv2D`

Impact: If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...

CVSS 5.9 | AI score 6.9 | EPSS 0.00064
Exploits: 0 | References: 5
The Hacker News
added 2022/09/16 3:8 a.m., 31 views

Uber Says It's Investigating a Potential Breach of Its Computer Systems

Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The company pointed to its tweeted statement when asked for comment on...

AI score 0.1
Exploits: 0
OpenVAS
added 2022/09/12 12:0 a.m., 30 views

Debian: Security Advisory (DLA-3102)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.5 | EPSS 0.54307
Exploits: 13 | References: 9
CNNVD
added 2022/09/07 12:0 a.m., 3 views

Rancher Labs Rancher Information Disclosure Vulnerability

Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. An information disclosure vulnerability exists in Rancher for SUSE versions 2.5.0 through 2.5.12 and 2.6.0 through 2.6.3, which stems from the explicit...

CVSS 9.9 | AI score 8.2 | EPSS 0.00477
Exploits: 0 | References: 3
Malwarebytes
added 2022/08/22 5:0 p.m., 14 views

Reddit users crowdsourcing explicit images and identities

The BBC is warned of a large photograph trading ring which operated on popular group forum site Reddit. These warnings are in relation to stolen nude photographs and other content shared without permission. In this case, even non-explicit photos are being posted alongside frequently degrading and...

AI score 6.8
Exploits: 0
Fedora
added 2022/07/17 1:15 a.m., 32 views

[SECURITY] Fedora 35 Update: golang-github-google-wire-0.4.0-6.fc35

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

CVSS 9.3 | AI score 9.2 | EPSS 0.00963
Exploits: 3
Veracode
added 2022/07/06 5:43 a.m., 39 views

Arbitrary File Read

ruby-mysql is vulnerable to arbitrary file read. A malicious MySQL server can request local file content from a client without explicit authorization from the user if the filename specified by the server does not match with OPTLOADDATALOCALDIR...

CVSS 6.5 | AI score 6.6 | EPSS 0.0039
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2022/06/28 5:15 p.m., 21 views

Authorization

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

CVSS 4.3 | AI score 6.2 | EPSS 0.0039
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2022/06/17 11:3 a.m., 3 views

OESA-2022-1710 python-jwt security update

PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). JWT is an open, industry-standard RFC 7519 for representing claims securely between two parties. Security Fixes: PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing...

CVSS 7.5 | AI score 6.9 | EPSS 0.00422
Exploits: 0 | References: 2
Code423n4
added 2022/06/06 12:0 a.m., 9 views

Upgraded Q -> M from 74 [1654474884998]

Judge has assessed an item in Issue 74 as Medium risk. The relevant finding follows: Protocol does not support fee-on-transfer tokens The tokenIdOrAmount established in createVault prevents buyers from exercise their option because addressthis holds less than tokenIdOrAmount due to the transfer...

AI score 6.8
Exploits: 0
OSV
added 2022/05/24 3:15 p.m., 2 views

AZL-9852 CVE-2022-29217 affecting package python-jwt for versions less than 2.4.0-1

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

CVSS 7.5 | AI score 7.1 | EPSS 0.00422
Exploits: 0 | References: 1