1096 matches found
GHSA-XFFP-6W68-4775 Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol IP address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into accou...
CGA-Q672-W479-6W63
Bulletin has no description...
SUSE CVE-2024-35221
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...
RHEL 7 : runc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: Execution of malicious containers allows for container escape and access to host filesystem...
GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-1739)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
The vulnerability of the rndis_set_response() function in the USB driver in the rndis.c module of the Linux kernel allows a hacker to gain increased privileges within the system.
The vulnerability of the rndissetresponse function in the USB driver in the rndis.c module of the Linux kernel is related to integer overflow errors. Exploiting this vulnerability can allow an attacker to gain increased privileges...
CVE-2022-48707
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...
Apache Tomcat 8.0.0.RC1 < 8.0.44
The version of Tomcat installed on the remote host is prior to 8.0.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.44security-8 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...
Apache Tomcat 7.0.0 < 7.0.78
The version of Tomcat installed on the remote host is prior to 7.0.78. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.78security-7 advisory. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error pag...
CLI SSH not working after upgrade with OpenSSH vulnerability patch Error Bad SSH2 cipher spec
After Upgrading to a firmware version with OpenSSH v9.3 patched for the recent SSH vulnerabilities 12.1-55.304+ FIPS, 13.0-92.23+, 13.1-53.4+, 13.1-37.180+ FIPS, 14.1-22.16+ SSH is not working anymore. Putty throws the error: Network error: Software caused connection abort...
CVE-2022-48707
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...
CVE-2022-48707
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...
CVE-2022-48707 cxl/region: Fix null pointer dereference for resetting decoder
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...
CVE-2022-48707 cxl/region: Fix null pointer dereference for resetting decoder
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...
Apple and Google join forces to stop unwanted tracking
Apple and Google have announced an industry specification for Bluetooth tracking devices which help alert users to unwanted tracking. The specification, called Detecting Unwanted Location Trackers, will make it possible to alert users across both iOS and Android if a device is unknowingly being...
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to...
RHEL 8 : developer_environment (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack CVE-2021-42694 - An issue wa...
RHEL 7 : runc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - runc: Execution of malicious containers allows for container escape and access to host filesystem...
NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Vulnerability (NS-SA-2024-0013)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has binutils packages installed that are affected by a vulnerability: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via contro...