virtualbox-ose -- multiple vulnerabilities

[email protected] reports: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructur...

CVE-2023-36836 Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service DoS. On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fa...

Attacker can force users to delegate to SPONSORSHIP_ADDRESS

Lines of code Vulnerability details Impact An attacker can change the delegatee of a user who deposited into the vault to the SPONSORSHIPADDRESS address by calling one of the functions sponsor or sponsorWithPermit and giving the address of the user as receiver. The impact of this issue is that th...

CVE-2023-3600

The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash...

RSEC-2023-0 Out-of-bounds write and stack based buffer overflow vulnerabilities

The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multiple attack vectors due to the underlying use of the libxls library. Several exploitable vulnerabilities have been identified in different functions of libxls versions 1.3.4 and 1.4. These include out-of-bounds write and stack...

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2023-72198)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

Design/Logic Flaw

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

CVE-2023-3600 Use-after-free in workers

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVE-2023-30428

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

Rockwell Automation Select Communication Modules

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK,...

Ubuntu 20.04 LTS : Firefox vulnerability (USN-6218-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6218-1 advisory. A use-after-free was discovered in Firefox when handling workers. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary...