
9 matches found

Snyk
added 2026/03/31 11:41 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers, using heavy-compute-load chaining of hashing and KDF to generate a strong encryption password from the user-provided password to ensure secure encryption of files. Affected versions of this...

9.1 CVSS, 5.9 AI score
Exploits 0, References 2
OSV
added 2024/08/17 10:15 a.m., 1 views

AZL-51135 CVE-2024-43849 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex. If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the...

5.5 CVSS, 6.1 AI score, 0.00033 EPSS
Exploits 0, References 1
NVD
added 2024/05/14 3:14 p.m., 9 views

CVE-2024-28866

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a `redirect_to` query parameter with inadequate validation. Attackers...

6.1 CVSS, 3.3 AI score, 0.00989 EPSS
Exploits 0, References 4
OSV
added 2024/03/06 11:10 a.m., 16 views

BIT-VAULT-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3 CVSS, 5.4 AI score, 0.0036 EPSS
Exploits 0, References 4
CNVD
added 2022/09/02 12:0 a.m., 33 views

Apache OFBiz Code Issue Vulnerability (CNVD-2023-03920)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A code issue vulnerability exists in Apache OFBiz Solr plugin 18.12.05 and earlier, which stems from the default configuration of automatically issuing RMI requests on port 1099 on localhost, which can be...

9.8 CVSS, 1.8 AI score, 0.20826 EPSS
Exploits 0, References 1
RedhatCVE
added 2022/08/30 6:6 a.m., 47 views

CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5.3 CVSS, 1.8 AI score, 0.0036 EPSS
Exploits 0, References 3
Veracode
added 2022/05/19 1:50 a.m., 23 views

Insecure Access Control

github.com/hashicorp/vault has insecure access control. The vulnerability exists due to a lack of secure configuration to enforce MFA on login after server restarts...

5.3 CVSS, 5.8 AI score, 0.0036 EPSS
Exploits 0, References 4, Affected Software 1
Prion
added 2022/05/17 6:15 p.m., 14 views

Denial of service

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3...

5 CVSS, 5.5 AI score, 0.0036 EPSS
Exploits 0, References 3, Affected Software 1
The Hacker News
added 2014/11/09 11:15 p.m., 8 views

Microsoft to Issue 16 Security Patches and 60 Other Updates

Microsoft has this time quite a big pile of security patches in its November 2014 Patch Tuesday, which will address almost 60 non-security updates for its Windows OS along with 16 security updates. The software giant released Advance Notification for 16 security bulletins, the most in more than...

8.7 AI score
Exploits 0