16971 matches found
F5 Networks BIG-IP : GNU C Library vulnerability (K64119434)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K64119434 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows...
The vulnerability of the GNU C Library, related to memory initialization errors, allows a perpetrator to gain access to confidential data.
The vulnerability of the GNU C Library is related to the incorrect handling of LD_PREFER_MAP_32BIT_EXEC. Exploiting this vulnerability allows an attacker to access confidential data...
The vulnerability of the mpz/inp_raw.c component in the GMP arithmetic library on 32-bit platforms allows a hacker to cause a service failure.
The vulnerability of the mpz/inp_raw.c component in the GMP arithmetic library on 32-bit platforms is related to integer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Fedora: Security Advisory for python3.11 (FEDORA-2022-72213986b8)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
GnuPG Buffer Error Vulnerability
GnuPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A security vulnerability exists in GnuPG that stems from a denial of service using...
Fedora: Security Advisory for python3.7 (FEDORA-2022-4b31e33ed0)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CLSA-2022-1663183585 Fixed CVE-2022-35252 in gnupg2
CVE-2022-35252: fix buffer overflow...
The vulnerability of the netgroupcache.c component of the server caching daemon nscd in the GNU C Library allows an attacker to cause a service failure.
The vulnerability of the netgroupcache.c component, a caching daemon for system name services in the GNU C Library, is related to the repeated release of memory. Exploiting this vulnerability allows an attacker to cause service failures...
XWiki < 13.10.4, 14.0 < 14.2 Authentication Bypass Vulnerability (GHSA-8h89-34w2-jpfm)
XWiki is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki";...
CVE-2022-36104
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
Default credentials
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...
Design/Logic Flaw
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
Cross site scripting
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36107
CVE-2022-36107 affects TYPO3 CMS, where the FileDumpController (backend and frontend) is vulnerable to cross-site scripting when rendering malicious files. A valid backend user is required to exploit. Remediation is to update TYPO3 to fixed ELTS versions: 7.6.58, 8.7.48, 9.5.37, 10.4.32, or 1...
CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
CVE-2022-36104
CVE-2022-36104 affects TYPO3, an open-source PHP-based CMS. An issue in the page error handling occurs when requests for invalid or non-existing resources trigger the error handler, which can retrieve content from another page, causing the application to call itself recursively. This recursion am...
CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
CVE-2022-36108 Cross-Site Scripting in typo3/cms-core
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...