2913 matches found
Code injection
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...
CVE-2022-42451
CVE-2022-42451 affects HCL BigFix Patch Management, specifically the Download Plug-ins, where certain credentials are stored insecurely. This could allow a local privileged user to access sensitive credentials, consistent with a Local, Low-Complexity exposure (CVSS v3.1: base score ~4.4–4.6, Conf...
[SECURITY] Fedora 37 Update: bind-dyndb-ldap-11.10-17.fc37
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
PT-2023-14116 · IBM · BigFix Patch Management
Name of the Vulnerable Software and Affected Versions: BigFix Patch Management (affected versions not specified). Description: The issue concerns certain credentials within the BigFix Patch Management Download Plug-ins being stored insecurely. This could potentially expose them to a local privileged...
CVE-2023-4570
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using versi...
CVE-2023-4570
CVE-2023-4570 describes an improper access restriction in NI MeasurementLink Python services that permits an attacker on an adjacent network to reach services exposed on localhost, previously believed to be unreachable externally. Affected component: ni-measurementlink-service Python package (ver...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-39161)
Summary: IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. IBM WebSphere Application Server Liberty is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server...
OESA-2023-1668 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. CVE-2022-45887 A division-by-zero error on some AMD processors ca...
OESA-2023-1667 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. CVE-2022-45887 A division-by-zero error on some AMD processors ca...
The vulnerability of the qfq_dequeue() function in the net/sched/sch_plug.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information, or enhance their privileges.
The vulnerability of the qfq_dequeue function in the net/sched/sch_plug.c module of the Linux kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information, or t...
CVE-2023-42446
Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...
Design/Logic Flaw
Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...
CVE-2023-42446
Pow is a Phoenix/Plug authentication library. CVE-2023-42446 affects Pow.Store.Backend.MnesiaCache in versions 1.0.14 up to, but not including, 1.0.34, where expired keys are not correctly invalidated on startup, allowing potential session hijacking if all MnesiaCache instances are down past a se...
CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup
Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...
CVE-2023-36160
An issue was discovered in Qubo Smart Plug10A version HSP02010114SYSTEM-10 A that allows local attackers to gain sensitive information and other unspecified impact via UART console...
CVE-2022-47848
An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T that allows remote attackers to gain sensitive information via the rootDesc.xml page of the UPnP service...
Qubo Smart Plug Security Vulnerability
Qubo Smart Plug is a smart plug from Qubo. It effectively manages and tracks the energy consumption of devices through real-time power monitoring. A security vulnerability exists in Qubo Smart Plug version 10A HSP02010114SYSTEM-10 A. The vulnerability stems from a vulnerability that allows an...