
It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary code. This update backports the option RestApiWriteToFileSystemEnabled; setting it to "true" in /etc/orthanc/orthanc.json restores the previous behaviour.

It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.

mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix:
* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

For more details about the security issue, including the impact, a CVSS score, ac ...

This update for cjose fixes the following issue:
* CVE-2023-37464: Fixed an issue where AES GCM decryption uses the Tag length from the actual Authentication Tag.

cjose: C library implementing the JOSE standard. JOSE for C/C++ could be made to crash if it received specially crafted input.

CJose is a C library implementing Javascript Object Signing and Encryption.

A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service if the parser runs on user-supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit, which can be overridden in the cleaner properties.



© SecPod Technologies