249 matches found
CVE-2023-47312
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...
MGASA-2023-0319 Updated tomcat packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error cou...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Input validation
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...
CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...
CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
A former employee of the U.S. National Security Agency NSA has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022,...
CVE-2023-42795
A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information. Mitigati...
Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...
Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...
Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...
Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...
Apache Tomcat Incomplete Cleanup vulnerability
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recyclin...
Input validation
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11,...
CVE-2023-40026
A flaw was found in Argo CD. For any version using Helm, using a specially crafted Helm file could reference external Helm charts handled by the same repo-server to leak values or files from the referenced Helm Chart. This issue is possible because the Helm paths were predictable. Mitigation...