102 matches found
CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors
A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...
PT-2024-38750 · Red Hat · Red Hat Openstack Platform
Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack Platform RHOSP director versions 16.1 through 17.1 Description: A flaw was found in the Red Hat OpenStack Platform RHOSP director, allowing an attacker to deploy potentially compromised container images via disabling TLS...
[slackware-security] gimp
New gimp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gimp-2.10.36-i586-1slack15.0.txz: Upgraded. This release fixes security issues: If a user loads a malicious DDS, PSD, or PSP file, this...
SUSE CVE-2009-0937
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors...
SUSE CVE-2009-0938
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service exit node crash via "malformed input."...
SUSE CVE-2013-5123
The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. Create a new download on:...
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR...
UBUNTU-CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
CVE-2022-0738
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...
CVE-2022-0738
Removed by vendor...
PT-2022-13400 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 14.6 through 14.6.4 GitLab versions 14.7 through 14.7.3 GitLab versions 14.8 through 14.8.1 Description: An issue has been discovered in GitLab where user passwords were leaked when adding mirrors with SSH credentials under...
[SECURITY] Fedora 36 Update: cobbler-3.3.2-1.fc36
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
CVE-2020-16156
A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. Mitigation This issue can be mitigated by...
CVE-2020-16156
CPAN 2.28 allows Signature Verification Bypass...
[SECURITY] Fedora 34 Update: axel-2.17.10-1.fc34
Axel tries to accelerate HTTP/FTP downloading process by using multiple connections for one file. It can use multiple mirrors for a download. Axel has no dependencies and is lightweight, so it might be useful as a wget clone on byte-critical systems...
Silently Runs Cryptocoin Miner in hooka-tools
Affected versions of hooka-tools were compromised and modified to silently run a cryptocoin miner in the background. All affected versions have been unpublished from the npm registry. Recommendation While this module has been unpublished, some versions may exist in mirrors or caches. Do not insta...
The vulnerability of the Hex package manager, related to insufficient validation of input data, allows for the execution of arbitrary code.
The vulnerability of the package manager Hex is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading packages from a malicious mirror site...
CVE-2009-0938
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service exit node crash via "malformed input."...
CVE-2009-0937
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors...