CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with...

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

The vulnerability of the Cisco Fabric Services component for NX-OS and Cisco FXOS operating systems in Cisco devices allows a attacker to trigger a service failure.

The vulnerability of the Cisco Fabric Services component for NX-OS and Cisco FXOS operating systems in Cisco devices is related to operations that occur outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note:...

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...

F5 BIG-IP 路径遍历漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a path traversal vulnerability that stems from a failure of a network system or product to properly...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from a special method...

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS EAP-TTLS EAP-PEAP or EAP-TNC). This is fixed in 5.9.10.

...

pki-core: access to external entities when parsing XML can lead to XXE

A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...

Fedora: Security Advisory for ruby (FEDORA-2023-a7be7ea1aa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

The vulnerability of strongSwan demon, related to errors in certificate verification in EAP methods based on TLS, allows a perpetrator to perform a denial-of-service attack.

The vulnerability of strongSwan is related to errors in certificate verification during EAP methods based on TLS. Exploiting this vulnerability allows a remote attacker to perform a denial-of-service attack...

USN-6028-1 libxml2 vulnerabilities

It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2023-28484 It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a cras...

Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft

Overview Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

DEBIAN-CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

ALPINE-CVE-2023-26463

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

strongSwan 信任管理问题漏洞

strongSwan is a Swiss Andreas Steffen personal developer of a Linux platform to use the open source IPsec-based VPN solution. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. A security vulnerability exists in...

The vulnerability of the UEFI loader of the Boot Manager for Windows operating systems allows a hacker to circumvent security restrictions.

The vulnerability of the UEFI-bootloader of Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions...