6348 matches found

OSV
added 2022/05/14 3:7 a.m. | 4 views

GHSA-8J9G-C9RP-JVG4 Salt vulnerable to Improper Certificate Validation

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules...

CVSS 7.5 | AI score 7.5 | EPSS 0.01048
Exploits 0 | References 7

vulnersOsv
added 2022/05/14 1:18 a.m. | 8 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), be.objectify:deadbolt-core_2.10 (>=2.2.0 <=2.4.3) +1203 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=5.0.0.Alpha1 <=5.1.1.Final)

org.hibernate:hibernate-validator MAVEN version =5.0.0.Alpha1, =1.0.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.0.0, =4.0.0.Final, =4.3.0-beta-3 - br.com.caelum:vraptor-musicjungle =4.0.0-beta-1 - br.com.ingenieux.dropwizard:dropwizard-envvar =0.0.1 -...

CVSS 5 | AI score 5.8 | EPSS 0.02913
Exploits 0

Kitploit
added 2022/05/13 9:30 p.m. | 32 views

RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes

Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and...

AI score 7.4
Exploits 0 | References 6

OSV
added 2022/05/13 1:40 a.m. | 18 views

GHSA-HX44-C87V-P6XG Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

CVSS 6.5 | AI score 6.3 | EPSS 0.00764
Exploits 1 | References 3

Github Security Blog
added 2022/05/13 1:40 a.m. | 16 views

Opencast has Incorrect Permission Assignment

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...

CVSS 6.5 | AI score 2.3 | EPSS 0.00764
Exploits 1 | References 4 | Affected Software 1

vulnersOsv
added 2022/05/13 1:39 a.m. | 15 views

trytond-account (>=4.2.0 <=4.2.11), trytond-account-asset (>=4.2.0 <=4.2.3) +99 more potentially affected by CVE-2017-0360 via trytond (=4.2.22)

trytond PYPI version =4.2.22 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - trytond-account =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.1 and more Source cves: CVE-2017-0360 Source advisory: OSV:GHSA-7CWG-2575-3...

CVSS 5.3 | AI score 6 | EPSS 0.01541
Exploits 0

vulnersOsv
added 2022/05/13 1:33 a.m. | 7 views

com.redhat.rhevm.api:rhevm-api (>=0.1-milestone <=1.0-rc1.21), com.redhat.rhevm.api:rhevm-api-cli-actions (>=0.9-milestone1 <=0.9-milestone-4.4) +21 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=2.0-RC1 <=3.0.24.Final)

org.jboss.resteasy:resteasy-yaml-provider MAVEN version =2.0-RC1, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.1-milestone,...

CVSS 8.1 | AI score 7.2 | EPSS 0.01324
Exploits 0

vulnersOsv
added 2022/05/13 1:25 a.m. | 6 views

net.osgiliath.framework:net.osgiliath.features.karaf-features-full (>=0.0.1 <=0.0.3), net.osgiliath.framework:net.osgiliath.features.karaf-features-jpa (>=0.0.1 <=0.0.3) +48 more potentially affected by CVE-2015-7501 via org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections (>=3.2.1_1 <=3.2.1_3)

org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections MAVEN version =3.2.11, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.2.0, =1.0.2, =1.0.8 - org.frie...

CVSS 10 | AI score 6.7 | EPSS 0.83274
Exploits 8

vulnersOsv
added 2022/05/13 1:25 a.m. | 4 views

ch.inftec.ju:ju-dbutil (>=4.1 <=4.5.1-rc-8), ch.inftec.ju:ju-dbutil-test (=4.1) +658 more potentially affected by CVE-2015-7501 via net.sourceforge.collections:collections-generic (=4.01)

net.sourceforge.collections:collections-generic MAVEN version =4.01 is affected by a known vulnerability. The following packages have a transitive dependency on net.sourceforge.collections:collections-generic and may be impacted: - ch.inftec.ju:ju-dbutil =4.1, =4.4-5, =4.4-4, =4.1, =4.1, =4.1,...

CVSS 10 | AI score 6.7 | EPSS 0.83274
Exploits 8

vulnersOsv
added 2022/05/13 1:9 a.m. | 4 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +927 more potentially affected by CVE-2017-12624 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.13)

org.apache.cxf:cxf-core MAVEN version =3.1.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =5.0.0, =1.0.0, =2.3.3, =1.0, =0.2, =0.2, =0.4 - com.github.arucard21.simplyrestful:simplyrestful-spring-boot =0.1 and more Source cves: CVE-2017-12624...

CVSS 5.5 | AI score 6.4 | EPSS 0.03697
Exploits 3

vulnersOsv
added 2022/05/13 12:0 a.m. | 4 views

ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.21), at.chrl:chrl-jms (=1.1.0) +3935 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=5.2.21.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.5.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...

CVSS 6.5 | AI score 6.9 | EPSS 0.02931
Exploits 0

Rockylinux
added 2022/05/10 2:58 p.m. | 22 views

Rocky Linux-system-roles bug fix and enhancement update

An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Rocky Linux-system-roles package includes a collection of Ansib...

AI score 1
Exploits 0

Rockylinux
added 2022/05/10 8:9 a.m. | 23 views

5.32 metadata for the Rocky Linux 8 module matrix (2/4)

An update is available for perl-DBD-Pg, perl-DBI, perl-IO-HTML, perl-LWP-MediaTypes, perl-Data-Dump, perl-FCGI, perl-HTTP-Message, perl-Net-HTTP, perl-File-pushd, perl-Try-Tiny, perl-Digest-HMAC, perl-HTML-Parser, perl-NTLM, perl-Mozilla-CA, perl-IO-Socket-SSL, perl-libwww-perl, perl-Encode-Local...

AI score 2.1
Exploits 0

Rockylinux
added 2022/05/10 6:41 a.m. | 22 views

5.32 metadata for the Rocky Linux 8 module matrix (3/4)

An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...

AI score 2.1
Exploits 0

Rockylinux
added 2022/05/10 6:40 a.m. | 29 views

5.32 metadata for the Rocky Linux 8 module matrix (1/4)

An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...

AI score 2.1
Exploits 0

NVD
added 2022/05/06 12:15 a.m. | 21 views

CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

CVSS 8.1 | EPSS 0.03821
Exploits 0 | References 6

OSV
added 2022/05/06 12:15 a.m. | 1 views

DEBIAN-CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

CVSS 8.1 | AI score 7.5 | EPSS 0.03821
Exploits 0 | References 1

Tenable Nessus
added 2022/05/06 12:0 a.m. | 75 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Rsyslog vulnerability (USN-5404-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5404-1 advisory. Pieter Agten discovered that Rsyslog incorrectly handled certain requests. An attacker could possibly use this issue to cause a crash...

CVSS 8.1 | AI score 6.7 | EPSS 0.03821
Exploits 0 | References 2

RedhatCVE
added 2022/05/05 1:36 p.m. | 169 views

CVE-2022-24903

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

CVSS 8.1 | AI score 7.1 | EPSS 0.03821
Exploits 0 | References 4

OSV
added 2022/05/05 12:0 a.m. | 1 views

UBUNTU-CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

CVSS 8.1 | AI score 7.3 | EPSS 0.03821
Exploits 0 | References 4