
6680 matches found

OSV
added 2023/04/03 8:24 a.m. · 6 views

SUSE-SU-2023:1726-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless /sys/fs/cgroup is writable when cgroupns isn't unshared bnc1209884. - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability bnc1208962. -...

CVSS 7.8 · AI score 6.7 · EPSS 0.00448
Exploits: 2 · References: 8

OSV
added 2023/04/03 12:0 a.m. · 34 views

CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

CVSS 6.4 · AI score 5.1 · EPSS 0.00772
Exploits: 0 · References: 10

Prion
added 2023/04/02 9:15 p.m. · 14 views

Cross site scripting

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416...

CVSS 4.9 · AI score 5.1 · EPSS 0.00371
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/03/31 10:15 p.m. · 3 views

CVE-2022-47189

Generex UPS CS141 below 2.06 version, allows an attacker to upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device...

CVSS 9.1 · AI score 5.8 · EPSS 0.00853
Exploits: 0 · References: 3

Positive Technologies
added 2023/03/31 12:0 a.m. · 2 views

PT-2023-15229 · Generex · Generex Ups Cs141

Name of the Vulnerable Software and Affected Versions: Generex UPS CS141 versions prior to 2.06 Description: The issue allows an attacker to upload a firmware file containing an incorrect configuration, disrupting the normal functionality of the device. Recommendations: For versions prior to 2.06...

CVSS 9.1 · AI score 9.2 · EPSS 0.00853
Exploits: 0 · References: 7

Positive Technologies
added 2023/03/31 12:0 a.m. · 3 views

PT-2023-2230 · D Link · D-Link Dir-882

Name of the Vulnerable Software and Affected Versions: D-LINK DIR-882 version 1.30 Description: An information disclosure issue exists in the Syslog functionality, allowing a specially crafted network request to disclose sensitive information. This is due to a lack of protection for service data....

CVSS 7.5 · AI score 7.4 · EPSS 0.00913
Exploits: 1 · References: 6

Vulnrichment
added 2023/03/31 12:0 a.m. · 5 views

CVE-2023-26925

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information...

AI score 6.4 · EPSS 0.00913
Exploits: 1 · References: 2

Rapid7 Blog
added 2023/03/30 8:21 p.m. · 11 views

Velociraptor Version 0.6.8 Available Now

A New Client-Server Communication Protocol, VFS GUI, and More Performance Upgrades Make This The Fastest and Most Scalable Velociraptor Yet. Rapid7 is excited to announce the release of version 0.6.8 of Velociraptor—an advanced, open-source digital forensics and incident response (DFIR) tool that...

AI score 6.6
Exploits: 0

Prion
added 2023/03/30 4:15 p.m. · 20 views

Input validation

A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...

CVSS 5 · AI score 7.2 · EPSS 0.01344
Exploits: 1 · References: 2 · Affected Software: 1

Debian CVE
added 2023/03/30 3:47 p.m. · 27 views

CVE-2023-22845

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.5 · AI score 7.1 · EPSS 0.00943
Exploits: 1

RedhatCVE
added 2023/03/30 9:21 a.m. · 28 views

CVE-2023-23005

A flaw was found in the Linux kernel’s mm/memory-tiers.c functionality in the memory_tier_init function, where an incorrect return value check from the alloc_memory_type occurs. The CVE is disputed because there are no realistic cases in which a user can cause the alloc_memory_type error case to be...

AI score 5.3 · EPSS 0.00268
Exploits: 0 · References: 3

UbuntuCve
added 2023/03/30 5:15 a.m. · 31 views

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVSS 5.3 · AI score 6.8 · EPSS 0.01695
Exploits: 1 · References: 4

Cvelist
added 2023/03/30 5:0 a.m. · 26 views

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

CVSS 5.3 · AI score 5.4 · EPSS 0.01695
Exploits: 1 · References: 7

Positive Technologies
added 2023/03/30 12:0 a.m. · 2 views

PT-2023-4756

Name of the Vulnerable Software and Affected Versions: angular versions 1.4.9 and later Description: The issue is related to the usage of an insecure regular expression in the inputurl functionality of the angular package, which can lead to a Regular Expression Denial of Service (ReDoS) via the...

CVSS 7.5 · AI score 7.2 · EPSS 0.04368
Exploits: 7 · References: 34

OSV
added 2023/03/29 1:15 a.m. · 1 views

CVE-2023-1683

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/systemlog.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS 7.5 · AI score 4.8 · EPSS 0.00497
Exploits: 1 · References: 3

Code423n4
added 2023/03/26 12:0 a.m. · 10 views

Upgraded Q -> 2 from #98 [1679803209669]

Judge has assessed an item in Issue 98 as 2 risk. The relevant finding follows: QA-01 PauseModifier is implemented in the KangarooVault.sol contract but isn't used due to not being a part of core functionality --- The text was updated successfully, but these errors were encountered: All reactions...

AI score 6.9
Exploits: 0

NVD
added 2023/03/22 7:15 p.m. · 12 views

CVE-2023-28114

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

CVSS 4.8 · AI score 4.9 · EPSS 0.00192
Exploits: 0 · References: 4

NVD
added 2023/03/21 6:15 p.m. · 23 views

CVE-2022-37337

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1 · AI score 9.4 · EPSS 0.02828
Exploits: 1 · References: 3

NVD
added 2023/03/21 6:15 p.m. · 20 views

CVE-2022-36429

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...

CVSS 7.2 · AI score 7.2 · EPSS 0.01987
Exploits: 1 · References: 3

Prion
added 2023/03/21 6:15 p.m. · 16 views

Command injection

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 6.5 · AI score 8.8 · EPSS 0.02828
Exploits: 1 · References: 2 · Affected Software: 1