Security
Headlines
HeadlinesLatestCVEs

Tag

#web

RHSA-2023:4418: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must be applied. This flaw...

Red Hat Security Data
#vulnerability#web#linux#red_hat#apache#js#java#oauth#auth#ibm#sap
RHSA-2023:4417: Red Hat Security Advisory: cjose security update

An update for cjose is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must be applied. This flaw...

CVE-2022-39987: raspap-webgui/ajax/networking/get_wgkey.php at master · RaspAP/raspap-webgui

A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.

RHSA-2023:4414: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving pr...

RHSA-2023:4416: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the re...

RHSA-2023:4415: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38403: An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on t...

RHSA-2023:4411: Red Hat Security Advisory: cjose security update

An update for cjose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must be applied. This flaw allows an attacker to pro...

RHSA-2023:4409: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryptio...

RHSA-2023:4410: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorre...

RHSA-2023:4408: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37464: A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets ...