
831 matches found

Snyk
added 2023/12/11 12:0 p.m. · 1 views

Race Condition (Leaky Vessels)

Overview: Affected versions of this package are vulnerable to Race Condition (Leaky Vessels) in the subpath mounting when two malicious build steps are running in parallel and sharing the same cache mounts. This can lead to files from the host system being accessible to the build container. Workarou...

8.7 CVSS · 6.9 AI score · 0.00548 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/12/07 1:15 p.m. · 1 views

CVE-2023-49957

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP Open Charge Point Protocol for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing...

7.5 CVSS · 7.1 AI score · 0.00299 EPSS
Exploits 1 · References 2
Kitploit
added 2023/12/06 11:30 a.m. · 35 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: wordlist-based password cracking; brute force password cracking; support for multiple hash...

7.6 AI score
Exploits 0 · References 2
Prion
added 2023/11/08 10:15 p.m. · 15 views

Default credentials

ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a Lockout Policy with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit...

2.6 CVSS · 7.1 AI score · 0.00173 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2023/11/08 12:0 a.m. · 2 views

ZITADEL Race Condition Vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. ZITADEL versions prior to 2.40.5, 2.38.3 and prior to 2.38.3 suffer from a race condition vulnerability that...

7.3 CVSS · 6.8 AI score · 0.00173 EPSS
Exploits 0 · References 6
OpenVAS
added 2023/11/01 12:0 a.m. · 12 views

Debian: Security Advisory (DLA-3643-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS · 8.1 AI score · 0.00952 EPSS
Exploits 0 · References 3
GithubExploit
added 2023/10/16 11:7 a.m. · 2458 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

HTTP2 Rapid Reset Attack: CVE-2023-44487 Quick exploit to test...

7.5 CVSS · 8.5 AI score · 0.94394 EPSS
Exploits 19
CNNVD
added 2023/10/13 12:0 a.m. · 2 views

Frontier Security Vulnerabilities

Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum dapps. A security vulnerability exists in versions of Frontier prior to aea52819, which stems from a vulnerability that allows an attacker to create contracts with a large number of stored values on a parallel...

7.5 CVSS · 6.6 AI score · 0.00253 EPSS
Exploits 0 · References 4
Citrix
added 2023/09/14 12:0 a.m. · 6 views

Conversion Manager 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1

Conversion Manager 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1. Who Should Install This Update? This Conversion Manager virtual appliance update is for customers who use the Conversion Manager feature of Citrix Hypervisor 8.2 CU1. It constitutes the following deliverable: File Name|...

6.9 AI score
Exploits 0
OpenVAS
added 2023/07/04 12:0 a.m. · 20 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2286)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.1 CVSS · 8.1 AI score · 0.00108 EPSS
Exploits 2 · References 2
Tenable Nessus
added 2023/07/04 12:0 a.m. · 37 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2286)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to fail when multiple URLs...

9.1 CVSS · 6.5 AI score · 0.00108 EPSS
Exploits 2 · References 4
SUSE CVE
added 2023/06/24 1:47 a.m. · 1 views

SUSE CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...

8.7 CVSS · 6.8 AI score · 0.00518 EPSS
Exploits 0 · References 3
NVD
added 2023/06/22 9:15 p.m. · 14 views

CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...

8.7 CVSS · 8.6 AI score · 0.00518 EPSS
Exploits 0 · References 3
Prion
added 2023/06/22 9:15 p.m. · 20 views

Design/Logic Flaw

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...

5 CVSS · 7.4 AI score · 0.00518 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/06/22 8:57 p.m. · 21 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...

8.7 CVSS · 8.7 AI score · 0.00518 EPSS
Exploits 0 · References 3
OSV
added 2023/06/22 8:57 p.m. · 22 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...

8.7 CVSS · 7.6 AI score · 0.00518 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/22 12:0 a.m. · 2 views

PT-2023-8429 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.7; Nextcloud Server versions prior to 26.0.2; Nextcloud Enterprise Server versions prior to 21.0.9.12; Nextcloud Enterprise Server versions prior to 22.2.10.12; Nextcloud Enterprise Server versions prior to...

9.8 CVSS · 5.8 AI score · 0.00824 EPSS
Exploits 6 · References 94
CNNVD
added 2023/06/22 12:0 a.m. · 3 views

Nextcloud Security Vulnerability

Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from the German company Nextcloud. A security vulnerability exists in Nextcloud Server versions 25.0.7, 26.0.2, Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7,...

8.7 CVSS · 7.3 AI score · 0.00518 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2023/06/19 12:14 p.m. · 41 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Summary: Multiple issues were identified in Red Hat UBI packages libcurl, openssl, gnutls, libarchive and libsepol that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details: CVEID: CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of...

9.1 CVSS · 8.1 AI score · 0.88334 EPSS
Exploits 4 · Affected Software 1
RedHat Linux
added 2023/06/05 12:30 p.m. · 5 views

curl: HSTS amnesia with --parallel

A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity...

6.5 CVSS · 6.8 AI score · 0.00039 EPSS
Exploits 0 · References 5