1895 matches found
Vulnerability fixed in Apache Zookeeper
The Apache Foundation has fixed a vulnerability in Zookeeper. A malicious party could exploit the vulnerability to gain access to data within Zookeeper. The vulnerability is in the way peer authentication takes place. For successful misuse, the malicious party must be able ...
Atlassian Confluence Server Security Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. A security vulnerability exists in Atlassian Confluence Server that stems from an unknown...
CVE-2023-2233
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects...
CVE-2023-2233 Missing Authorization in GitLab
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects...
CVE-2023-2233
Removed by vendor...
GitLab 11.8 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-2233)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting fro...
Important: ecs-service-connect-agent
Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2023:3730-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3730-1 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5...
CVE-2023-4959
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the...
On-Prem ADM automatic backups failure for ADC instance
The ADM automatic backup operation for an ADC instance failed. End users may receive an email alert if email notification is enabled in ADM...
CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance...
FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access
Description: The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. PoC: On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not bein...
Python TLS Handshake Bypass (CVE-2023-40217)
The version of Python installed on the remote Windows host is potentially affected by a vulnerability that primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly,...
FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access
Description: The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not being a...
SUSE CVE-2022-48065
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c...
GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access
Summary: The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details: basti connect is designed to "securely connect to your...
CVE-2022-48065
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c...
DEBIAN-CVE-2022-48065
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c...