NewStart CGSL MAIN 6.06 : dnsmasq Vulnerability (NS-SA-2023-0141)

The remote NewStart CGSL host, running version MAIN 6.06, has dnsmasq packages installed that are affected by a vulnerability: - A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially...

NewStart CGSL MAIN 6.06 : python-lxml Multiple Vulnerabilities (NS-SA-2023-0136)

The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The urllib3...

NewStart CGSL MAIN 6.06 : curl Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has curl packages installed that are affected by multiple vulnerabilities: - When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might mak...

NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2023-0135)

The remote NewStart CGSL host, running version MAIN 6.06, has sudo packages installed that are affected by a vulnerability: - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer...

NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)

The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectl...

NewStart CGSL MAIN 6.06 : sysstat Vulnerability (NS-SA-2023-0138)

The remote NewStart CGSL host, running version MAIN 6.06, has sysstat packages installed that are affected by a vulnerability: - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures...

NewStart CGSL MAIN 6.06 : python-jinja2 Multiple Vulnerabilities (NS-SA-2023-0137)

The remote NewStart CGSL host, running version MAIN 6.06, has python-jinja2 packages installed that are affected by multiple vulnerabilities: - psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts syste...

NewStart CGSL MAIN 6.06 : c-ares Vulnerability (NS-SA-2023-0136)

The remote NewStart CGSL host, running version MAIN 6.06, has c-ares packages installed that are affected by a vulnerability: - c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet wit...

NewStart CGSL MAIN 6.06 : tar Vulnerability (NS-SA-2023-0135)

The remote NewStart CGSL host, running version MAIN 6.06, has tar packages installed that are affected by a vulnerability: - GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has no...

NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2023-0134)

The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple vulnerabilities: - BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier...

NewStart CGSL MAIN 6.06 : pesign Vulnerability (NS-SA-2023-0132)

The remote NewStart CGSL host, running version MAIN 6.06, has pesign packages installed that are affected by a vulnerability: - A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesig...

NewStart CGSL MAIN 6.06 : net-snmp Multiple Vulnerabilities (NS-SA-2023-0133)

The remote NewStart CGSL host, running version MAIN 6.06, has net-snmp packages installed that are affected by multiple vulnerabilities: - handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker w...

NewStart CGSL MAIN 6.06 : apr-util Vulnerability (NS-SA-2023-0131)

The remote NewStart CGSL host, running version MAIN 6.06, has apr-util packages installed that are affected by a vulnerability: - Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer...

samba: "rpcecho" development server allows denial of service via sleep() call on AD DC

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

Denial Of Service (DoS)

github.com/projectcalico/calico is vulnerable to Denial Of Service DoS. The vulnerability exists because the TLS Handshake call is executed within the main server handle loop without any timeout mechanism. This means that an incomplete or unclean TLS handshake can potentially block the main loop...

Cross-site Scripting (XSS)

phpbb/phpbb is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the main function in acpicons.php does not adequately escape the smilies URL and does not prevent the use of a .pak filename, allowing an attacker to inject and execute malicious JavaScript...

The vulnerability in the `bitrix/modules/main/classes/general/user_options.php` file of the `main` module of the Bitrix24 business management service allows a hacker to execute arbitrary code and gain increased privileges.

The vulnerability of the bitrix/modules/main/classes/general/useroptions.php file in the Bitrix24 business management module is related to improper external manipulation of the file’s name or path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and...

The vulnerability of the `desktop_app/file.ajax.php?action=uploadfile` component in the main module of the Bitrix24 business management service allows a attacker to cause a service failure.

The vulnerability of the desktopapp/file.ajax.php?action=uploadfile component in the main module of the Bitrix24 business management service is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service...

F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. - The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair...

CVE-2023-2622

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call RPC of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read...