
6678 matches found

AlpineLinux
added 2023/02/23 12:0 a.m. · 39 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5 CVSS · 7.7 AI score · 0.00039 EPSS
Exploits 0
F5 Networks
added 2023/02/21 7:58 p.m. · 28 views

K06440657: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2021-23001

Security Advisory Description The upload functionality in BIG-IP Advanced WAF and ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. CVE-2021-23001 Impact An authenticated malicious user can upload malicious files to use in...

4.3 CVSS · 5.3 AI score · 0.00246 EPSS
Exploits 0 · Affected Software 2
F5 Networks
added 2023/02/21 6:54 p.m. · 35 views

K35255309: Linux kernel vulnerability CVE-2020-11669

Security Advisory Description An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. CVE-2020-11669 Impact There i...

5.5 CVSS · 6.3 AI score · 0.0008 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:53 p.m. · 32 views

K52167636: TMM vulnerability CVE-2017-6153

Security Advisory Description Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. CVE-2017-6153 Impact BIG-IP systems deployed in Forward Proxy mode with the...

5.3 CVSS · 5.6 AI score · 0.00604 EPSS
Exploits 0 · Affected Software 13
F5 Networks
added 2023/02/21 6:47 p.m. · 31 views

K04234247: Resource Administrator or Administrator role authenticated local command execution vulnerability CVE-2021-23012

Security Advisory Description Lack of input validation for items used in system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. CVE-2021-23012 Impact In a standard BIG-IP deployment, a minor...

8.2 CVSS · 8.4 AI score · 0.0019 EPSS
Exploits 0 · Affected Software 11
F5 Networks
added 2023/02/21 6:34 p.m. · 29 views

K45062506: Siemens Ethernet card DoS vulnerabilities CVE-2018-11451 and CVE-2018-11452

Security Advisory Description CVE-2018-11451 A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions,...

7.8 CVSS · 7.4 AI score · 0.00645 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:29 p.m. · 33 views

K16108: BIND vulnerability CVE-2014-8680

Security Advisory Description The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options...

5.4 CVSS · 7.4 AI score · 0.02261 EPSS
Exploits 0
Cent OS
added 2023/02/20 4:16 p.m. · 176 views

tigervnc, xorg security update

CentOS Errata and Security Advisory CESA-2023:0675 An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which give...

7.8 CVSS · 7.2 AI score · 0.00711 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2023/02/20 12:0 a.m. · 27 views

Moodle 3.9.x < 3.9.19 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl...

8.2 CVSS · 6.1 AI score · 0.00319 EPSS
Exploits 0 · References 6
Github Security Blog
added 2023/02/19 6:30 p.m. · 40 views

java-xmlbuilder vulnerable to XML External Entity Reference

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

9.8 CVSS · 8.9 AI score · 0.00046 EPSS
Exploits 1 · References 8 · Affected Software 1
Positive Technologies
added 2023/02/19 12:0 a.m. · 2 views

PT-2023-8558 · Sourcecodester · Simple Customer Relationship Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Customer Relationship Management System version 1.0 Description: The issue is related to the lack of protection against SQL query structure attacks in the php-scrm/login.php component of the Simple Customer Relationship...

10 CVSS · 8 AI score · 0.00308 EPSS
Exploits 1 · References 7
CNNVD
added 2023/02/19 12:0 a.m. · 2 views

shadow security vulnerability

shadow is a suite of tools used to maintain Debian systems. A security vulnerability exists in shadow, which stems from the presence of some unknown functionality in the program, resulting in a denial of service...

5.5 CVSS · 4.9 AI score · 0.00062 EPSS
Exploits 0 · References 5
IBM Security Bulletins
added 2023/02/18 1:45 a.m. · 62 views

Security Bulletin: The IBM FlashSystem 840 & IBM FlashSystem V840 products are affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID:CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability ...

7.5 CVSS · 7.4 AI score · 0.94464 EPSS
Exploits 87 · Affected Software 2
OSV
added 2023/02/17 9:30 p.m. · 17 views

GHSA-32JC-9P58-P82X Moodle Improper Access Control vulnerability

The vulnerability was found in Moodle and exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality...

8.2 CVSS · 8 AI score · 0.00319 EPSS
Exploits 0 · References 5
NVD
added 2023/02/17 5:15 p.m. · 10 views

CVE-2023-0822

The affected product DIAEnergie versions prior to v1.9.03.001 contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality...

8.8 CVSS · 8.7 AI score · 0.00222 EPSS
Exploits 0 · References 1
Prion
added 2023/02/17 5:15 p.m. · 12 views

Authorization

The affected product DIAEnergie versions prior to v1.9.03.001 contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality...

6.5 CVSS · 8.5 AI score · 0.00222 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/02/17 4:46 p.m. · 6 views

CVE-2023-0822 Improper Authorization

The affected product DIAEnergie versions prior to v1.9.03.001 contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality...

8.8 CVSS · 6.8 AI score · 0.00222 EPSS
Exploits 0 · References 1
Cvelist
added 2023/02/17 4:46 p.m. · 14 views

CVE-2023-0822 Improper Authorization

The affected product DIAEnergie versions prior to v1.9.03.001 contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality...

8.8 CVSS · 8.7 AI score · 0.00222 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/02/17 12:0 a.m. · 3 views

PT-2023-16550 · Unknown · Diaenergie

Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.03.001 Description: The issue concerns improper authorization in the affected product, which could allow an unauthorized user to bypass authorization and access privileged functionality. Recommendations: For...

8.8 CVSS · 8.5 AI score · 0.00222 EPSS
Exploits 0 · References 3
OSV
added 2023/02/16 8:47 p.m. · 29 views

GHSA-3JFQ-742W-XG8J Users with any cluster secret update access may update out-of-bounds cluster secrets

Impact All Argo CD versions starting with v2.3.0-rc1 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges potentially controlling...

9.1 CVSS · 9 AI score · 0.00354 EPSS
Exploits 0 · References 4