CoreDNS has TSIG authentication bypass on gRPC and QUIC transports

Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...

Linux Distros Unpatched Vulnerability : CVE-2024-36976

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Revert media: v4l2-ctrls: show all owned controls in logstatus This reverts commit...

CVE-2022-49479 mt76: fix tx status related use-after-free race on station removal

In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, whic...

Error: "vDisk is not available. Please check your network PXE boot configuration and restart Imaging Wizard" or "Red X" on Provisioning Server

After installing the Target Device Software and rebooting the following symptoms can be seen: A Red X is displayed on top of the vDisk Status Applet in the Tray Bar After running the Imaging Wizard and rebooting the following message is shown:"vDisk is not available. Please check your network PXE...

The "Power Status" of all VDAs are displayed as "Unknown"

In DaaS management, the "Power Status" of all VDAs was displayed as "Unknown",Power control startup, shutdown, restart, etc. could not be performed. Also, when power control was executed, the log on the Citrix side would show "Success".However, the power action was not executed on the Azure VDA...

Addressing the "Down" Status of Secondary ADM Database

After upgrading the firmware from ADM13.0-85.19 to ADM13.0-89.7, the customer encountered a problem where the status of the secondary ADM database is marked as "down."...

CVE-2022-41962 BigBlueButton contains Incorrect Authorization for setting emoji status

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to s...

DEBIAN-CVE-2018-11645

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977...