Driver Disk for Microsemi smartpqi 2.1.26_030 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- smartpqi| SAS/Storage Controller| 2.1.26030...

Microsoft Windows Authentication Methods Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Authentication Methods. An attacker could exploit the vulnerability to elevate privileges. The following products...

Microsoft Windows Authentication Methods Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Authentication Methods. An attacker could exploit this vulnerability to obtain sensitive information. The followi...

curl security update

7.76.1-26 - unify the upload/method handling CVE-2023-28322 - fix host name wildcard checking CVE-2023-28321 7.76.1-25 - adapt the fix of CVE-2023-27535 for RHEL 9 curl 7.76.1-24 - fix SSH connection too eager reuse still CVE-2023-27538 - fix GSS delegation too eager connection re-use...

Fedora 39 : pypy3.10 (2023-ddde191e04)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddde191e04 advisory. Automatic update for pypy3.10-7.3.12-1.3.10.fc39. Changelog Wed Jul 26 2023 Miro Hronok - 7.3.12-1.3.10 - Initial PyPy 3.10 package Wed Jul 26 2023...

DEBIAN-CVE-2023-43665

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...

CLSA-2023-1698945913 python3: Fix of CVE-2020-26116

CVE-2020-26116: prevent header injection in http methods...

PT-2023-35556 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the getInnerBopAst function of JavaAstVisitor class in Checkstyle. The issue is related to the ReferencePipeline$3$1.accept and...

The vulnerability of the EisBaer SCADA system, related to the use of dangerous methods or functions, allows a intruder to execute arbitrary codes.

The vulnerability of the EisBaer SCADA system is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

Jenkins Gogs Plugin uses non-constant time webhook token comparison

Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is n...

Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this...

GHSA-885R-HHPR-CC9P Jenkins Gogs Plugin uses non-constant time webhook token comparison

Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is n...

GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

GHSA-8859-V9JP-CPHF Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication o...

CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2023-46658

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

Information disclosure

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

Code injection

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2023-46658

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...