exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2023-20860

Status Candidate

Overview

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

Related Files

Red Hat Security Advisory 2023-4983-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4983-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include bypass, denial of service, deserialization, and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-30129, CVE-2022-25857, CVE-2022-3171, CVE-2022-37599, CVE-2022-38900, CVE-2022-40152, CVE-2022-42920, CVE-2022-45047, CVE-2023-0482, CVE-2023-20860, CVE-2023-20883
SHA-256 | 6867bafdeedf9ae75c9407251eef4143953398b5310e20fefd7e1e5070726ec8
Red Hat Security Advisory 2023-4612-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-1471, CVE-2022-31684, CVE-2022-45143, CVE-2023-1108, CVE-2023-20860, CVE-2023-20861
SHA-256 | 9fce17aaf4b1e17b6dd5371a535e817dbb5fd71c7e4c095fca880dd19e594fbd
Red Hat Security Advisory 2023-3625-01
Posted Jun 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. Issues addressed include bypass, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
systems | linux, redhat
advisories | CVE-2022-41966, CVE-2023-20860, CVE-2023-32977, CVE-2023-32979, CVE-2023-32980, CVE-2023-32981
SHA-256 | 6c9533d59305426940cb421a1f39f2dd82290bdf18ec5daf3ed8d9b261dad6a0
Red Hat Security Advisory 2023-3771-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2023-20860, CVE-2023-20861
SHA-256 | 00566f877e194c658cc2885f9f671af06701ad0fc1fd4587e997d9d53e79ea82
Red Hat Security Advisory 2023-3663-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3663-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, information leakage, insecure permissions, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-2048, CVE-2022-22976, CVE-2022-40149, CVE-2022-40150, CVE-2022-41966, CVE-2022-42003, CVE-2022-42004, CVE-2023-1370, CVE-2023-1436, CVE-2023-20860, CVE-2023-26464, CVE-2023-27898, CVE-2023-27899, CVE-2023-27903
SHA-256 | a1e8f32defa19f2f1392ba490d9129bc4b5de076aa6ffae28d55d9c26539ddf8
Red Hat Security Advisory 2023-3622-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, csrf
systems | linux, redhat
advisories | CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2023-1370, CVE-2023-1436, CVE-2023-20860, CVE-2023-20861, CVE-2023-27903, CVE-2023-27904
SHA-256 | b7935bb45130f797b9dd93023e22673b037f602a5fd4b10a7467504fa480ed2a
Red Hat Security Advisory 2023-3610-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2022-40149, CVE-2022-40150, CVE-2022-41723, CVE-2022-45693, CVE-2023-1370, CVE-2023-20860, CVE-2023-20861, CVE-2023-24422, CVE-2023-32977, CVE-2023-32981
SHA-256 | 7b9b64c4675eb47823910162607f47f837dc4f1a040d0a13d9a6614093eb3803
Red Hat Security Advisory 2023-3185-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3185-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2022-22970, CVE-2022-22971, CVE-2022-3782, CVE-2023-0482, CVE-2023-20860, CVE-2023-20861
SHA-256 | 1a2458a3502ff1a7cb28ee6141aa2e6ef424063c12d96126e29943cfe76d91c6
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close