12 matches found

Tenable Nessus
added 2024/05/28 12:0 a.m., 20 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denial-of-service while writing a value larger than 256 chars in...

CVSS 5.5, AI score 5.7, EPSS 0.00027
Exploits 0, References 2
OSV
added 2023/07/25 6:30 p.m., 20 views

GHSA-4PVW-G9FX-594R Cross-site Scripting in healthcheck webconsole plugin

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

CVSS 6.1, AI score 5.9, EPSS 0.01368
Exploits 0, References 6
CVE
added 2023/07/25 3:40 p.m., 58 views

CVE-2023-38435

CVE-2023-38435 concerns the Apache Felix Healthcheck Webconsole Plugin (v2.0.2 and earlier). The vulnerability arises from an improper neutralization of input during web page generation, i.e., a reflected Cross-Site Scripting (XSS) flaw (CWE-79). This could allow an attacker to inject and execute...

CVSS 6.1, AI score 6, EPSS 0.01368
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/07/25 3:40 p.m., 19 views

CVE-2023-38435 Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin

An improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck...

AI score 6.2, EPSS 0.01368
Exploits 0, References 3
OSV
added 2023/07/21 8:17 p.m., 20 views

GHSA-59M6-82QM-VQGJ Dapr API token authentication bypass in HTTP endpoints

Summary: A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10....

CVSS 6.8, AI score 7.1, EPSS 0.0026
Exploits 1, References 6
CVE
added 2022/11/09 12:0 a.m., 99 views

CVE-2022-3285

GitLab healthcheck allow-list bypass: CVE-2022-3285 affects all versions from 12.0 before 15.2.5, 15.3 before 15.3.4, and 15.4 before 15.4.1. An unauthorized attacker could prevent access to GitLab. Remediation: upgrade to fixed releases (15.2.5+, 15.3.4+, 15.4.1+). Details are as disclosed in...

CVSS 7.5, AI score 7.1, EPSS 0.00255
Exploits 0, References 2, Affected Software 1
Tenable Nessus
added 2020/12/09 12:0 a.m., 96 views

SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1)

This update for buildah fixes the following issues : buildah was updated to v1.17.0 bsc1165184 : Handle cases where other tools mount/unmount containers overlay.MountReadOnly: support RO overlay mounts overlay: use fusermount for rootless umounts overlay: fix umount Switch default log level of...

CVSS 9.3, AI score 6.5, EPSS 0.0041
Exploits 1, References 8
Tenable Nessus
added 2020/03/30 12:0 a.m., 117 views

openSUSE Security Update : cni / cni-plugins / conmon / etc (openSUSE-2020-398)

This update for cni, cni-plugins, conmon, fuse-overlayfs, podman fixes the following issues : podman was updated to 1.8.0 : - CVE-2019-18466: Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator 3829 bsc1155217 -...

CVSS 5.8, AI score 6.7, EPSS 0.00839
Exploits 1, References 5
Fedora
added 2019/05/04 1:17 a.m., 27 views

[SECURITY] Fedora 28 Update: pacemaker-1.1.18-3.fc28

Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...

CVSS 8.8, AI score 0.5, EPSS 0.00143
Exploits 0
Zero Day Initiative
added 2018/06/06 12:0 a.m., 20 views

GE MDS PulseNET HealthCheck Deserialization Of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the HealthCheck web service. The issue results from the lack of prop...

CVSS 7.5, AI score 2.2, EPSS 0.0546
Exploits 0, References 1
NVD
added 2018/02/09 10:29 p.m., 16 views

CVE-2018-5307

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename...

CVSS 6.1, AI score 6.1, EPSS 0.0032
Exploits 3, References 3
Cvelist
added 2018/02/09 10:0 p.m., 28 views

CVE-2018-5306

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...

AI score 6.1, EPSS 0.00329
Exploits 3, References 3