Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby regression (USN-6055-2)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6055-2 advisory. USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to...

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

Hardcoded credentials

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

PT-2023-13980 · Sage · Sage 300

Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue involves the use of a hard-coded 40-byte blowfish key for encrypting and decrypting user passwords and SQL connection strings stored in ISAM database files. This could allow attackers to...

CVE-2022-41400

Sage 300 (through 2022) is affected by CVE-2022-41400 due to a hard-coded 40-byte Blowfish key used to encrypt/decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This weak key mechanism could allow an attacker to decrypt credentials store...

Sage Group Sage 300 信任管理问题漏洞

Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK designed to facilitate business management. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a hard-coded puffer k...

SQL Injection in AssetController

Impact SQL injections in AssetController due to unsanitized concatenating strings in where clause. The attacker can dump database, alter data or perform dos on the backend database. Patches Update to version 10.5.21 or apply this patch manually...

SUSE-SU-2023:2054-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411...

PT-2023-18927 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to SQL injections in the AssetController due to unsanitized concatenating strings in the where clause. This allows an attacker to dump the database, alter data, or...

PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...

APT28’s SNMP Attack on Cisco Routers

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary APT28 used SNMP access to exploit Cisco routers and gain network access, utilizing weak SNMP community strings and exploiting a vulnerability to deploy Jaguar Tooth. To receive real-time threat advisorie...

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logic and memory errors such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string and any value is possible (not solely the '\0' value).

...

SolarWinds Platform 信息泄露漏洞

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. An information disclosure vulnerability exists in SolarWinds Platform version 2023.1 and prior versions that originates from a vulnerability that allows a user to access th...

PT-2023-19246 · Solarwinds · Solarwinds Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue allows users to access the Orion.WebCommunityStrings SWIS schema object, obtaining sensitive information. Recommendations: At the moment, there is no information about...

DEBIAN-CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

AZL-26282 CVE-2023-29469 affecting package libxml2 for versions less than 2.10.4-1

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-22577

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings...

CVE-2023-22577

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings...