
836 matches found

Cvelist
added 2023/10/31 3:6 p.m. · 18 views

CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...

CVSS 7.2 · AI score 7.5 · EPSS 0.01466
Exploits: 1 · References: 2

Positive Technologies
added 2023/10/30 12:0 a.m. · 3 views

PT-2023-18169 · Google · Android

Name of the Vulnerable Software and Affected Versions: TelecomServiceImpl.java (affected versions not specified). Description: The issue is related to a missing permission check in the registerPhoneAccount function of TelecomServiceImpl.java, which could lead to local information disclosure. This...

CVSS 5.5 · AI score 5.2 · EPSS 0.00097
Exploits: 0 · References: 8

NVD
added 2023/10/27 9:15 p.m. · 19 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.2 · EPSS 0.00089
Exploits: 0 · References: 2

OSV
added 2023/10/27 9:15 p.m. · 2 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 6 · EPSS 0.00089
Exploits: 0 · References: 2

Prion
added 2023/10/27 9:15 p.m. · 23 views

Security feature bypass

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 1.7 · AI score 5.3 · EPSS 0.00089
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/10/27 8:22 p.m. · 184 views

CVE-2023-40123

CVE-2023-40123 affects the PipMenuView.java component in the Android framework, with a bug in updateActionViews that allows a confused deputy to bypass a multi-user security boundary, causing local information disclosure without extra execution privileges. Exploitation requires no user interactio...

CVSS 5.5 · AI score 5.2 · EPSS 0.00089
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/10/27 8:22 p.m. · 15 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.4 · EPSS 0.00089
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/27 12:0 a.m. · 3 views

PT-2023-27278 · Google · Android

Name of the Vulnerable Software and Affected Versions: PipMenuView.java (affected versions not specified). Description: The issue is related to a possible bypass of a multi-user security boundary due to a confused deputy in the updateActionViews of PipMenuView.java. This could lead to local...

CVSS 5.5 · AI score 5.1 · EPSS 0.00089
Exploits: 0 · References: 6

RedHat Linux
added 2023/10/12 1:24 p.m. · 66 views

Important: Red Hat Security Advisory: galera and mariadb security update

An update for galera and mariadb is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 6.8 · EPSS 0.02021
Exploits: 5 · References: 9

AlmaLinux
added 2023/10/12 12:0 a.m. · 72 views

Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.5 · EPSS 0.02021
Exploits: 5 · References: 18

OSV
added 2023/10/12 12:0 a.m. · 43 views

ALSA-2023:5683 Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.6 · EPSS 0.02021
Exploits: 5 · References: 18

OSV
added 2023/10/12 12:0 a.m. · 34 views

ALSA-2023:5684 Important: galera and mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.14, mariadb 10.5.22. Security Fixes: mariadb: node crashes with Transport endpoint is not connected mysqld got signa...

CVSS 7.5 · AI score 7.6 · EPSS 0.02021
Exploits: 5 · References: 18

OSV
added 2023/10/01 12:0 a.m. · 25 views

ASB-A-278246904

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 5.2 · EPSS 0.00089
Exploits: 0 · References: 2

Veracode
added 2023/09/29 11:40 a.m. · 11 views

Insufficiently Protected Credentials

github.com/schollz/croc is vulnerable to sensitive information disclosure via Insufficiently Protected Credentials. The vulnerability arises when users specify a custom shared secret via the command line, as it becomes visible on the host's process list for all local users. This can lead to...

CVSS 4.7 · AI score 6.1 · EPSS 0.0029
Exploits: 1 · References: 7 · Affected Software: 2

RedHat Linux
added 2023/09/19 2:43 p.m. · 46 views

Moderate: Red Hat Security Advisory: mariadb:10.3 security, bug fix, and enhancement update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 6.8 · EPSS 0.02021
Exploits: 2 · References: 9

AlmaLinux
added 2023/09/19 12:0 a.m. · 51 views

Moderate: mariadb:10.3 security, bug fix, and enhancement update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3. BZ2223572, BZ2223574, BZ2223962, BZ2223965 Security Fixes: mariadb: segmentation fault via the component subselect...

CVSS 7.5 · AI score 7.5 · EPSS 0.01681
Exploits: 2 · References: 10

Fedora
added 2023/09/16 1:29 a.m. · 37 views

[SECURITY] Fedora 38 Update: community-mysql-8.0.34-2.fc38

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 7.5 · AI score 7.8 · EPSS 0.01594
Exploits: 0

Fedora
added 2023/09/15 7:7 p.m. · 193 views

[SECURITY] Fedora 39 Update: community-mysql-8.0.34-2.fc39

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVSS 7.5 · AI score 7.5 · EPSS 0.01594
Exploits: 0

OSV
added 2023/08/14 10:15 p.m. · 2 views

CVE-2023-21289

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 6.2
Exploits: 0 · References: 2

CVE
added 2023/08/14 9:7 p.m. · 147 views

CVE-2023-21289

CVE-2023-21289 affects Google Android and is an information-disclosure issue caused by a confused-deputy bypass of a multi-user security boundary. The description in connected records indicates local information disclosure with no extra privileges and no user interaction required. Public referenc...

CVSS 5.5 · AI score 5.2 · EPSS 0.00088
Exploits: 0 · References: 2 · Affected Software: 1