4 matches found
PT-2022-10265 · Unknown · Dragonfly Ruby Gem
Name of the Vulnerable Software and Affected Versions: Dragonfly Ruby Gem version 1.3.0. Description: An argument injection issue allows attackers to read and write arbitrary files when the verify_url option is disabled. This issue is exploited via a crafted URL. Recommendations: For Dragonfly Rub...
SUSE-SU-2019:0563-1 Security update for audit
This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes (bsc#1125535, FATE#326346). Many features were added to auparse_normalize; cli option added to auditd and audispd for setting config dir; In auditd, restore the...
keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored
It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware (formerly python-keystoneclient) were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true,...
Vulnerability in the OpenSSL library that allows an attacker to trigger a service failure
The vulnerability in the rsa_item_verify function of the OpenSSL library is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failures by using specially crafted RSA PSS parameters, when these parameters are processed with the...