Design/Logic Flaw

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment TEE modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...

CVE-2022-26942 Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment TEE modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...

SUSE CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the use of memory after it is freed, allows attackers to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

[SECURITY] Fedora 39 Update: ansible-core-2.16.0~b2-1.fc39

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Not...

F5 Networks BIG-IP TCP profile vulnerability (K000134652)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2023-98208)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from the presence of mutual exclusion lock management in kernel modules. An attacke...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

CVE-2023-42796

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

PT-2023-6260 · Siemens · Simatic Cp 1623 +4

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1604 All versions SIMATIC CP 1616 All versions SIMATIC CP 1623 All versions SIMATIC CP 1626 All versions SIMATIC CP 1628 All versions Description: A vulnerability has been identified that exposes kernel memory of affected devices t...

Unbreakable Enterprise kernel security update

5.15.0-106.131.4 - jbd2: check 'jh-btransaction' before removing it from checkpoint Zhihao Cheng - jbd2: fix checkpoint cleanup performance regression Zhang Yi - scsi: qla2xxx: Fix TMF leak through Quinn Tran - scsi: qla2xxx: Fix command flush during TMF Quinn Tran - scsi: qla2xxx: Limit TMF to 8...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, caused by buffer overflows, allows attackers to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit arises due to buffer overflows. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

nodejs: Permissions policies can be bypassed via Module._load

A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsync' to run arbitrary code outside of the limits defined in a...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from the presence of mutual exclusion lock management in kernel modules. An attacke...

Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

Fedora 38 : fwupd (2023-48c43df788)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-48c43df788 advisory. This release adds the following features: Add a launchd agent for macOS Add a new security attribute for BIOS capsule updates to be enabled Add functionality...