261 matches found
AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
GSD-2023-1001316 libbpf: Avoid enum forward-declarations in public API in C++ mode
libbpf: Avoid enum forward-declarations in public API in C++ mode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...
PT-2022-27846 · Rackn · Rackn Digital Rebar
Name of the Vulnerable Software and Affected Versions: RackN Digital Rebar versions 4.6.14 and earlier RackN Digital Rebar versions 4.7 through 4.7.22 RackN Digital Rebar versions 4.8 through 4.8.5 RackN Digital Rebar versions 4.9 through 4.9.12 RackN Digital Rebar versions 4.10 through 4.10.8...
CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...
java-17-openjdk security and bug fix update
1:17.0.5.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv JDK-8293834 - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz2132934...
CVE-2022-23730
The public API error causes for the attacker to be able to bypass API access control...
CVE-2022-23730
The public API error causes for the attacker to be able to bypass API access control...
Improper access control
The public API error causes for the attacker to be able to bypass API access control...
CVE-2022-23730
The public API error causes for the attacker to be able to bypass API access control...
PT-2022-4092 · Siemens · Simatic Pcs 7 +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...
Siemens SIMATIC WinCC and PCS
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2...
PT-2021-10508 · Baigo Cms · Baigo Cms
Name of the Vulnerable Software and Affected Versions: baigo CMS version 4.0-beta-1 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via the post parameter to the "/public/console/profile/info-submit/" API endpoint. Recommendations: For baigo CMS...
OpenSSL Input Validation Error Vulnerability
OpenSSL is a powerful, commercial-grade, full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. It is also a general-purpose cryptographic library. An input validation error vulnerability exists in the OpenSSL public API that stems from the...
OPENSUSE-SU-2021:0341-1 Security update for nghttp2
This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 bsc1166481 - lib: Add nghttp2checkauthority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static...
OpenSSL Code Issue Vulnerability
OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2021-25760
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...
Information disclosure
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...
CVE-2021-25760
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...
CVE-2020-14273
HCL Domino is susceptible to a Denial of Service DoS vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server...