Multiple, Non-isc Security Vulnerabilities

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution...

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to...

Talkback reads notifications of non-current Android user

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Non-runtime permission flags aren't preserved upon APK updates

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

GKI kernels contain broken non-upstream Speculative Page Faults MM code

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Malicious code in @juiggitea/nemo-non-sit (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (34313e69f7eab944c7cd563239a4fdc8adb6e2f0a7452d31c66703b4665dd02f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @juiggitea/libero-non-iste-ut (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (98094e16fff3197dc2993de28d315c329956f79830ac9fed74a7efda129ff2c0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...

containerd started with non-empty inheritable Linux process capabilities

Impact A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...

AIX is vulnerable to denial of service due to ISC BIND

IBM SECURITY ADVISORY First Issued: Tue Jun 4 16:06:25 CDT 2024 |Updated: Wed Jun 5 08:17:08 CDT 2024 |Update: Corrected the affected fileset levels to reflect that | bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...

wolfictl leaks GitHub tokens to remote non-GitHub git servers

Summary A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some...

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...

Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web...

Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web...

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND

Summary UPDATED: (Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable) Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details **...

[2023-01-30] Android Enterprise (AFW) allows non-approved apks to be sideloaded into the work profile

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

containerd started with non-empty inheritable Linux process capabilities in github.com/containerd/containerd

containerd started with non-empty inheritable Linux process capabilities in...

Clorius Controls ISC SCADA Detection

Nessus detected the web interface for a Clorius Controls ISC SCADA...

When anonymously accessed, the "Related Labels" section show labels that are tagged on pages in non-anonymous spaces.

h3. Issue Summary When anonymously accessed, the "Related Labels" section shows labels that are tagged on pages in non-anonymous spaces. This is reproducible on the Data Center: yes Pre-condition: Page accessible anonymously has been labelled - e.g. label1 and {}label2{}. Page that is not...

wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl

wolfictl leaks GitHub tokens to remote non-GitHub git servers in...

Clorius Controls ISC SCADA Information Disclosure

Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...

containerd started with non-empty inheritable Linux process capabilities

Impact A bug was found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

wolfictl leaks GitHub tokens to remote non-GitHub git servers

Summary A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some...

Ant Media Server does not properly authorize non-administrative API calls

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be...

AD Starter Scan - Non-Expiring Account Password

Active Directory accounts can be configured to escape global password renewal policies. Accounts set up like this can be used indefinitely without ever changing their password. User and administrator accounts should never have this attribute set. By default, this check skips disabled accounts. To.....

Unsoundness in variable comparison / non-unique binary decomposition in github.com/consensys/gnark

Unsoundness in variable comparison / non-unique binary decomposition in...

CVE-2024-0778

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort...

CVE-2022-2929

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of...

SSL/TLS: Report Non Weak Cipher Suites

This routine reports all Non Weak SSL/TLS cipher suites accepted by a...

CVE-2022-2928

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The functio...

Non-Existent Page Physical Path Disclosure Vulnerability

Your web server reveals the physical path of the webroot when asked for a non-existent page. Whilst printing errors to the output is useful for debugging applications, this feature should not be enabled on production...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones [CVE-2023-50387]. ISC BIND is included as a Base OS package used by our Service...

non-solo.ch Cross Site Scripting vulnerability OBB-3914057

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-4408]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages [CVE-2023-4408]. ISC BIND is included as a Base OS package used by our Service Runtimes. This...

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50868]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when preparing an NSEC3 closest encloser proof. [CVE-2023-50868]. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabilitiy....

Timing attack from non-constant time scalar multiplication in github.com/bnb-chain/tss-lib

Timing attack from non-constant time scalar multiplication in...

Ant Media Server does not properly authorize non-administrative API calls

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be...

Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a....

Intel BIOS Guard and PPAM Firmware May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

Exchange Backup Fails With: "Failed to get folder properties. Not allowed to access Non IPM folder"

Due to a recent change in Microsoft 365, the properties of the ‘TeamsMessagesData’ folder cannot be retrieved using the EWS APIs currently used by Veeam Backup for Microsoft...

Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib

Timing attack from non-constant time scalar arithmetic in...

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...

K11342432 : BIG-IP HTTP non-RFC-compliant security exposure

Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....

CVE-2019-17567 mod_proxy_wstunnel tunneling of non Upgraded connections

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation,...

HP Sure Admin Security Update

A potential security vulnerability has been identified in certain HP PC products using HP Sure Admin, which might allow escalation of privilege. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...

BIT-vault-2024-2048

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...