
3270 matches found

Tenable Nessus
added 2023/08/03 12:0 a.m. | 29 views

AlmaLinux 9 : samba (ALSA-2023:4325)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4325 advisory. - A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured server signing = required or f...

CVSS 5.9 | AI score 6.6 | EPSS 0.00447
Exploits 0 | References 2

OSV
added 2023/08/02 1:15 p.m. | 2 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 4

Prion
added 2023/08/02 1:15 p.m. | 17 views

Server side request forgery (ssrf)

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd or who is in control of the sproxyd...

CVSS 1.2 | AI score 4.1 | EPSS 0.00053
Exploits 0 | References 4 | Affected Software 1

Prion
added 2023/08/02 1:15 p.m. | 16 views

Authorization

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts...

CVSS 5 | AI score 7.5 | EPSS 0.00116
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2023/08/02 12:0 a.m. | 13 views

Moxa MB3xxx Series Protocol Gateways Use of a Broken or Risky Cryptographic Algorithm (CVE-2019-9095)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. This plugin only works with...

CVSS 9.8 | AI score 7 | EPSS 0.00155
Exploits 0 | References 3

Tenable Nessus
added 2023/08/02 12:0 a.m. | 17 views

Oracle Linux 9 : samba (ELSA-2023-4325)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4325 advisory. 4.17.5-103.0.1 - Fix memleak in nsswinbindinitgroupsdyn Orabug: 34994509 4.17.5-103 - resolves: rhbz2223600 - Fix trust relationship between workstation and DC ...

CVSS 5.9 | AI score 6.7 | EPSS 0.00447
Exploits 0 | References 2

Positive Technologies
added 2023/08/02 12:0 a.m. | 3 views

PT-2023-20644 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to the integrated oAuth Authorization Service, where functions with insufficient randomness were used to generate authorization tokens. This made authorization codes...

CVSS 7.5 | AI score 7.4 | EPSS 0.00116
Exploits 0 | References 7

Tenable Nessus
added 2023/08/01 12:0 a.m. | 155 views

Samba 4.16.x < 4.16.10 / 4.17.x < 4.17.9 / 4.18.x < 4.18.4 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.16.x prior to 4.16.10, 4.17.x prior to 4.17.9, or 4.18.x prior to 4.18.4. It is, therefore, potentially affected by multiple vulnerabilities, including the following: - An out-of-bounds read error was found in Samba due to insufficient length...

CVSS 7.5 | AI score 6.5 | EPSS 0.19204
Exploits 0 | References 11

Github Security Blog
added 2023/07/31 10:3 p.m. | 41 views

Sydent does not verify email server certificates

Impact: If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...

CVSS 9.3 | AI score 6.9 | EPSS 0.00064
Exploits 0 | References 10 | Affected Software 1

OSV
added 2023/07/31 10:3 p.m. | 35 views

GHSA-P6HW-WM59-3G5G Sydent does not verify email server certificates

Impact: If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...

CVSS 9.3 | AI score 7.2 | EPSS 0.00064
Exploits 0 | References 10

OSV
added 2023/07/28 5:15 a.m. | 3 views

CVE-2023-32427

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

CVSS 5.9 | AI score 5.8 | EPSS 0.00144
Exploits 0 | References 1

NVD
added 2023/07/28 5:15 a.m. | 10 views

CVE-2023-32427

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

CVSS 5.9 | AI score 4.8 | EPSS 0.00144
Exploits 0 | References 1

Prion
added 2023/07/28 5:15 a.m. | 15 views

Information disclosure

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

CVSS 2.6 | AI score 4.8 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1

CVE
added 2023/07/28 4:30 a.m. | 47 views

CVE-2023-32427

CVE-2023-32427 affects Apple Music on Android (pre-4.2.0). The issue allowed a privileged network attacker to intercept unencrypted network traffic; remediation was to enforce HTTPS for data in transit in the 4.2.0 Android release. Exploitation details are not provided in the connected documents.

CVSS 5.9 | AI score 4.6 | EPSS 0.00144
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/07/28 4:30 a.m. | 19 views

CVE-2023-32427

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic...

AI score 5 | EPSS 0.00144
Exploits 0 | References 1

CNNVD
added 2023/07/28 12:0 a.m. | 2 views

Apple Music Security Vulnerability

Apple Music is a music software program from Apple Inc. in the United States. A security vulnerability exists in Apple Music for Android version 4.2.0, which stems from the fact that an attacker with a privileged network position may be able to intercept network traffic...

CVSS 5.9 | AI score 6 | EPSS 0.00144
Exploits 0 | References 2

Cvelist
added 2023/07/26 12:0 a.m. | 11 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

AI score 9.7 | EPSS 0.90545
Exploits 1 | References 2

CNNVD
added 2023/07/26 12:0 a.m. | 4 views

FSMLabs TimeKeeper Security Vulnerability

FSMLabs TimeKeeper is a platform from FSMLabs, Inc. that provides enterprise-grade time allocation, clock synchronization and monitoring. A security vulnerability exists in FSMLabs TimeKeeper versions 8.0.17 through 8.0.28, which stems from a getsamplebacklog call that can be found by interceptin...

CVSS 9.8 | AI score 8.4 | EPSS 0.90545
Exploits 1 | References 3

The Hacker News
added 2023/07/24 7:24 a.m. | 48 views

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching...

AI score 6.7
Exploits 0

OSV
added 2023/07/20 3:15 p.m. | 0 views

DEBIAN-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

CVSS 5.9 | AI score 6.5 | EPSS 0.00447
Exploits 0 | References 1