CVE-2023-52238

A vulnerability has been identified in RUGGEDCOM RST2228 All versions V5.9.0, RUGGEDCOM RST2228P All versions V5.9.0. The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC...

Siemens RUGGEDCOM 信息泄露漏洞

Siemens RuggedCom ROS is an operating system from Siemens, Germany, used in the RuggedCom series of switches. An information disclosure vulnerability exists in Siemens RUGGEDCOM ROS, which can be exploited by an attacker to retrieve a MACSEC key and access decrypt Ethernet frames sent by an...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

Important: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

OESA-2024-1793 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ecbhfremove static void ecbhfremovestruct pcidev dev ... struct ecbhfpriv priv = netdevprivnetdev;...

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...

nghttp2: CONTINUATION frames DoS

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...

CLSA-2024-1719933179 kernel: Fix of 20 CVEs

net: iptunnel: make sure to pull inner header in iptunnelrcv CVE-2024-26882 - net: Set true network header for ECN decapsulation CVE-2024-26882 - media: dvb-core: Fix use-after-free due to race at dvbregisterdevice CVE-2022-45884 - media: dvbdev: fix error logic at dvbregisterdevice...

nghttp2 security update

1.33.0-6.1 - fix CONTINUATION frames DoS CVE-2024-27316 1.33.0-6 - fix CONTINUATION frames DoS CVE-2024-28182...

RHEL 8 : nghttp2 (RHSA-2024:4252)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4252 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS...

Important: Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9

Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

PT-2024-18881 · Qualcomm · Snapdragon +105

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns information disclosure when handling Multi-link IE in a beacon frame. No details are provided about the estimated number of potential...

PT-2024-7168 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to a buffer overflow in the Qualcomm embedded platform software, which can cause a transient denial of service DOS when parsing probe respon...

CVE-2024-28182

...

Admiror Frames Security Vulnerability

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0, which stems from vulnerability to a server-side request forgery attack that allows an attacker to access local files or server pages...

Admiror Frames Security Vulnerability

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0 that originates from allowing an unauthorized attacker to retrieve the location of the web root folder...

Admiror Frames Security Vulnerability

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! Admiror Frames versions prior to 5.0, which stems from a script in the extension that does not specify the content type, and could allow an attacker to embed HTML tags...

CVE-2023-42011

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508...