
6338 matches found

Cvelist
added 2023/08/07 5:6 a.m. · 47 views

CVE-2023-0425 Buffer overflow in global memory region

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

8.6 CVSS · 8.8 AI score · 0.004 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/08/05 12:0 a.m. · 3 views

PT-2023-6026 · Apple +6 · Macos Sonoma +10

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17 iPadOS versions prior to 17 watchOS versions prior to 10 macOS Sonoma versions prior to 14 Description: A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrar...

10 CVSS · 8.2 AI score · 0.29179 EPSS
Exploits 3 · References 184

Positive Technologies
added 2023/08/05 12:0 a.m. · 12 views

PT-2023-6795 · Apple +6 · Safari +7

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17 Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...

10 CVSS · 7.6 AI score · 0.29179 EPSS
Exploits 3 · References 220

UbuntuCve
added 2023/08/03 3:15 p.m. · 38 views

CVE-2023-4132

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition...

5.5 CVSS · 6.7 AI score · 0.00257 EPSS
Exploits 0 · References 18

RedHat Linux
added 2023/08/03 2:58 p.m. · 4 views

openshift: OCP & FIPS mode

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

7.5 CVSS · 5.7 AI score · 0.00442 EPSS
Exploits 0 · References 5

Broadcom
added 2023/08/01 12:0 a.m. · 71 views

CVE-2022-28615: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1 CVSS · 8.8 AI score · 0.05729 EPSS
Exploits 0

Positive Technologies
added 2023/07/28 12:0 a.m. · 12 views

PT-2023-7025 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the fixed version Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module...

9.8 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits 22 · References 158

Tenable Nessus
added 2023/07/25 12:0 a.m. · 21 views

Node.js Modules Installed (Linux)

Binary data nodejsmoduleslinuxinstalled.nbin...

7.3 AI score
Exploits 0 · References 1

NVD
added 2023/07/24 9:15 a.m. · 13 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

5.4 CVSS · 4.8 AI score · 0.0033 EPSS
Exploits 0 · References 1

CVE
added 2023/07/24 8:27 a.m. · 72 views

CVE-2023-38057

CVE-2023-38057 affects OTRS Survey modules: 7.0.x prior to 7.0.32, 8.0.x prior to 8.0.13, and the ((OTRS)) Community Edition Survey module from 6.0.x through 6.0.22. The vulnerability is caused by improper input validation in the survey module, allowing an attacker who has a link to a valid, unan...

5.4 CVSS · 4.6 AI score · 0.0033 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/07/24 12:0 a.m. · 4 views

PT-2023-26267 · Otrs +1 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...

9.8 CVSS · 5.4 AI score · 0.01273 EPSS
Exploits 0 · References 30

OSV
added 2023/07/21 5:15 a.m. · 1 views

CVE-2023-37292

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in HGiga iSherlock 4.5 iSherlock-user modules, HGiga iSherlock 5.5 iSherlock-user modules allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock...

9.8 CVSS · 7.3 AI score · 0.01126 EPSS
Exploits 0 · References 1

Prion
added 2023/07/21 5:15 a.m. · 16 views

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in HGiga iSherlock 4.5 iSherlock-user modules, HGiga iSherlock 5.5 iSherlock-user modules allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock...

7.5 CVSS · 9.4 AI score · 0.01126 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/21 4:8 a.m. · 14 views

CVE-2023-37292 HGiga iSherlock - Command Injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in HGiga iSherlock 4.5 iSherlock-user modules, HGiga iSherlock 5.5 iSherlock-user modules allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock...

9.8 CVSS · 7 AI score · 0.01126 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2023/07/21 12:0 a.m. · 6 views

The vulnerability of the microprogramming software for Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TRXT controllers from the Allen-Bradley ControlLogix series allows a hacker to execute arbitrary code.

The vulnerability of the microprogrammed software for Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TR...

10 CVSS · 8.8 AI score · 0.0364 EPSS
Exploits 0 · References 4 · Affected Software 37

RedHat Linux
added 2023/07/20 5:32 p.m. · 2 views

openshift: OCP & FIPS mode

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

7.5 CVSS · 5.7 AI score · 0.00442 EPSS
Exploits 0 · References 5

Vulnrichment
added 2023/07/20 12:22 a.m. · 18 views

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

6.7 CVSS · 6.8 AI score · 0.00316 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/07/20 12:0 a.m. · 7 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to insufficient validation of data authenticity, allows attackers to compromise data integrity.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to insufficient validation of data authenticity. Exploiting this vulnerability allows attackers to compromise data integrity...

5.5 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits 0 · References 12 · Affected Software 5

BDU FSTEC
added 2023/07/20 12:0 a.m. · 5 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to writing beyond the buffer limit, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

10 CVSS · 7.8 AI score · 0.00799 EPSS
Exploits 0 · References 11 · Affected Software 5

Amazon
added 2023/07/19 12:0 a.m. · 33 views

Important: golang

Issue Overview: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules whi...

9.8 CVSS · 7.4 AI score · 0.01708 EPSS
Exploits 0