NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtx11extras Multiple Vulnerabilities (NS-SA-2023-0023)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtx11extras packages installed that are affected by multiple vulnerabilities: - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-155...

NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the...

NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2023-0025)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is clo...

NewStart CGSL CORE 5.05 / MAIN 5.05 : tracker Vulnerability (NS-SA-2023-0020)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tracker packages installed that are affected by a vulnerability: - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access ...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2023-0030)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may all...

NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtdoc Multiple Vulnerabilities (NS-SA-2023-0018)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtdoc packages installed that are affected by multiple vulnerabilities: - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-15518 - A...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2023-0029)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability: - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python-pillow Multiple Vulnerabilities (NS-SA-2023-0015)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-pillow packages installed that are affected by multiple vulnerabilities: - pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 -...

NewStart CGSL CORE 5.05 / MAIN 5.05 : cyrus-sasl Vulnerability (NS-SA-2023-0012)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cyrus-sasl packages installed that are affected by a vulnerability: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Note...

NewStart CGSL CORE 5.05 / MAIN 5.05 : atk Multiple Vulnerabilities (NS-SA-2023-0013)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has atk packages installed that are affected by multiple vulnerabilities: - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a vali...

NewStart CGSL CORE 5.05 / MAIN 5.05 : rsync Vulnerability (NS-SA-2023-0010)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsync packages installed that are affected by a vulnerability: - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The...

NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Vulnerability (NS-SA-2023-0010)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by a vulnerability: - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures...

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 ...

NewStart CGSL CORE 5.05 / MAIN 5.05 : gnome-tweak-tool Vulnerability (NS-SA-2023-0022)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gnome-tweak-tool packages installed that are affected by a vulnerability: - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physica...

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...

CVE-2023-26822

D-Link Go-RT-AC750 revAv101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main...

D-Link Go-RT-AC750 命令注入漏洞

The D-Link GO-RT-AC750 is a wireless dual-band simple router from China-based AUO D-Link. A security vulnerability exists in the D-Link Go-RT-AC750 revAv101b03 version, which was discovered to contain a command injection vulnerability via the service parameter of soapcgi.main...

PT-2023-2256 · D Link · D-Link Go-Rt-Ac750

Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 version revA v101b03 Description: The issue is related to a command injection vulnerability via the service parameter at soapcgi.main. This vulnerability can be exploited by a remote attacker to execute arbitrary commands...

PT-2023-17233 · Rockoa · Rockoa

Name of the Vulnerable Software and Affected Versions: Rockoa version 2.3.2 Description: A critical issue has been found in the Configuration File Handler component, specifically affecting the webmainConfig.php file. This issue leads to code injection and can be initiated remotely. The exploit fo...