Nextcloud: Mail app stores cleartext password in database until OAUTH2 setup is done
## Summary:
The Mail app usually stores the user password encrypted. For XOAUTH2 the encrypted access token is stored in the same columns. However, during the time of the setup, XOAUTH2 accounts have ...
July 01, 2023
CVE-2021-37146
An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLR ...
July 01, 2023
[SECURITY] [DSA 4993-1] php7.3 security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4993-1 [email protected]
https://www.debian.org/security/ ...
July 01, 2023
PHP vulnerability
## Releases
* Ubuntu 21.10
* Ubuntu 21.04
* Ubuntu 20.04 LTS
* Ubuntu 18.04 ESM
* Ubuntu 16.04 ESM
* Ubuntu 14.04 ESM
## Packages
* php5 - HTML-embedded scripting language interpreter
...
July 01, 2023
(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.4.19). (BZ#1944110)
Security Fix(es) ...
July 01, 2023
[SECURITY] [DLA 2858-1] libzip security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2858-1 [email protected]
https://www.debian.org/lts/security/ ...
July 01, 2023
Improper Authentication
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd cl ...
July 01, 2023
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to
14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with
restricted sign-ups may be vulnerable to user enumerat ...
July 01, 2023
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
## Summary
There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addressed.
## Vu ...
July 01, 2023
Uncaught Exception in engine.io
### Impact
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
> RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be ...
July 01, 2023