Lucene search

9454 matches found

RedHat Linux
added 2023/05/02 7:49 a.m. · 3 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

CVSS 7.5 · AI score 7.4 · EPSS 0.00353
Exploits: 0 · References: 6

RedHat Linux
added 2023/05/02 7:29 a.m. · 5 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

CVSS 7.5 · AI score 7.4 · EPSS 0.00353
Exploits: 0 · References: 6

WPVulnDB
added 2023/05/02 12:0 a.m. · 121 views

Elementor Website Builder < 3.12.2 - Admin+ SQLi

The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. PoC 1. Go to Elementor Tools Replace URL 2. Fill the first field with...

CVSS 7.2 · AI score 7.3 · EPSS 0.09142
Exploits: 7 · Affected Software: 1

Tenable Nessus
added 2023/05/02 12:0 a.m. · 39 views

Oracle Linux 9 : libwebp (ELSA-2023-2078)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2078 advisory. 1.2.0-6 - Fix tools subpackage dependency 1.2.0-4 - Added fix for mzbz1819244 Tenable has extracted the preceding description block directly from the Oracle Lin...

CVSS 7.5 · AI score 7.2 · EPSS 0.00353
Exploits: 0 · References: 2

RedhatCVE
added 2023/04/28 9:51 a.m. · 191 views

CVE-2023-1999

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

CVSS 7.5 · AI score 7 · EPSS 0.00353
Exploits: 0 · References: 5

F5 Networks
added 2023/04/28 7:58 a.m. · 41 views

K000133699: Oracle WebLogic Server vulnerabilities CVE-2023-21964, CVE-2023-21979, and CVE-2023-21996

Security Advisory Description CVE-2023-21964 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00643
Exploits: 0

Tenable Nessus
added 2023/04/26 12:0 a.m. · 29 views

Rocky Linux 9 : thunderbird (RLSA-2023:1809)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1809 advisory. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...

CVSS 8.8 · AI score 7.5 · EPSS 0.00602
Exploits: 0 · References: 24

ICS
added 2023/04/25 6:0 a.m. · 55 views

Keysight N8844A Data Analytics Web Service (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Keysight Equipment : N8844A Data Analytics Web Service Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code...

CVSS 9.8 · AI score 10 · EPSS 0.00244
Exploits: 0 · References: 10

Tenable Nessus
added 2023/04/25 12:0 a.m. · 42 views

CentOS 7 : firefox (RHSA-2023:1791)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1791 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affec...

CVSS 8.8 · AI score 7.8 · EPSS 0.00353
Exploits: 0 · References: 10

Tenable Nessus
added 2023/04/25 12:0 a.m. · 39 views

CentOS 7 : thunderbird (RHSA-2023:1806)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...

CVSS 8.8 · AI score 7.8 · EPSS 0.00602
Exploits: 0 · References: 13

Cvelist
added 2023/04/24 12:0 a.m. · 13 views

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

CVSS 6.8 · AI score 9 · EPSS 0.00332
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/21 12:0 a.m. · 2 views

PT-2023-21552 · Hewlett Packard · Hpe Proliant Rl300 Gen11 Server +1

Name of the Vulnerable Software and Affected Versions: HPE ProLiant RL300 Gen11 Server affected versions not specified Description: A potential security issue has been identified in the system, which could result in the system being vulnerable to exploits by attackers with physical access inside...

CVSS 6.8 · AI score 6.3 · EPSS 0.0015
Exploits: 0 · References: 4

CNVD
added 2023/04/21 12:0 a.m. · 20 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67106)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

CVSS 4.9 · AI score 6.3 · EPSS 0.0048
Exploits: 0 · References: 1

Tenable Nessus
added 2023/04/21 12:0 a.m. · 51 views

Oracle JDeveloper Information Disclosure (April 2023 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability as referenced in the April 2023 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF...

CVSS 7.5 · AI score 7.4 · EPSS 0.01625
Exploits: 0 · References: 3

ICS
added 2023/04/20 3:30 p.m. · 28 views

Omron CS/CJ Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...

CVSS 8.6 · AI score 8.6 · EPSS 0.00173
Exploits: 0 · References: 4

ICS
added 2023/04/20 3:30 p.m. · 26 views

INEA ME RTU

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

CVSS 10 · AI score 10 · EPSS 0.00979
Exploits: 0 · References: 5

Veracode
added 2023/04/20 9:37 a.m. · 20 views

Denial Of Service (DoS)

firefox is vulnerable to Denial Of Service DoS. An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...

CVSS 8.8 · AI score 7.9 · EPSS 0.00198
Exploits: 0 · References: 5 · Affected Software: 5

Tenable Nessus
added 2023/04/20 12:0 a.m. · 104 views

Oracle Primavera P6 Enterprise Project Portfolio Management (April 2023 CPU)

The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by a buffer overflow vulnerability as referenced in the April 2023 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction...

CVSS 9.8 · AI score 7.4 · EPSS 0.00123
Exploits: 1 · References: 3

Tenable Nessus
added 2023/04/20 12:0 a.m. · 59 views

Oracle Essbase (April 2023 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including following that are remotely exploitable: - Vulnerability in Security and Provisioning component o...

CVSS 9.8 · AI score 7.2 · EPSS 0.00501
Exploits: 7 · References: 11

Tenable Nessus
added 2023/04/20 12:0 a.m. · 33 views

AlmaLinux 9 : firefox (ALSA-2023:1786)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1786 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. CVE-2023-1945 - A website...

CVSS 8.8 · AI score 7.5 · EPSS 0.00338
Exploits: 0 · References: 9