EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-1842)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file...
Exploit for Incorrect Authorization in Cacti
Cacti Unauthenticated Command Injection CVE-2022-46169 This...
New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
A previously undetected advanced persistent threat APT actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine...
kernel: ASoC: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
In the Linux kernel, the following vulnerability has been resolved: ASoC: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacement as it returned by of_get_parent() which has increased the refcount. Besides, we should also call of_node_p...
CVE-2023-29336
Win32k Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at May 31, 2023 9:15pm UTC reported: Doing a patch diff between a Windows 10 1607 x86 version of win32kfull.sys prior to the patch and after the patch shows that only one function changed: xxxEnableMenuItem. Looking at th...
UBUNTU-CVE-2023-2478
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to atta...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab suffers from a security vulnerability that stems from the fact that any...
PT-2023-2917 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.9.6 GitLab CE/EE versions 15.10 through 15.10.5 GitLab CE/EE versions 15.11 through 15.11.1 Description: An issue has been discovered in GitLab CE/EE, where under certain conditions, a malicious...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effectiv...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph
Summary IBM has released the below fix for IBM Db2® Graph in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID: CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released its second quarterly Critical Patch Update of 2023, which contains patches for 433 security vulnerabilities across a wide range of products. These patches address vulnerabilities in Oracle code and third-party components...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks that lead to a denial of service (DoS) or manipulation of data. Oracle has fixed vulnerabilities in the following products: - Oracle Database Server - Oracle...
Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548
Summary The Node.js open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-43548. The fix updates Node.js to 18.12.1. Vulnerability Details CVEID: CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an...
PT-2023-18791 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: An issue was discovered where user credentials are logged. All authenticated GSQL access requests are logged by TigerGraph in multiple places, including both the username and passwo...
Reportly - An AzureAD User Activity Report Tool
Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious user and a time frame and will receive a report detailing the following: 1. Information about t...
CVE-2023-1573
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
Cross site scripting
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
CVE-2023-1573 DataGear Graph Dataset cross site scripting
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
CVE-2023-1573
The CVE-2023-1573 issue affects DataGear up to version 1.11.1 and is tied to the Graph Dataset Handler component. The flaw allows cross-site scripting during processing by that component, and the attack can be initiated remotely. Exploit information is publicly disclosed. Remediation: upgrade to DataGear 1.12.0 to address the vulner...
DataGear cross-site scripting vulnerability
DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A cross-site scripting vulnerability exists in DataGear versions up to and including 1.11.1, which stems from an issue with the component Graph Dataset Handler that can lead to cross-site scripting...