[SECURITY] Fedora 36 Update: netconsd-0.2-1.fc36
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
Fedora: Security Advisory for netconsd (FEDORA-2023-f25098f499)
The remote host is missing an update for the...
CVE-2023-1258
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware web service modules allows Footprinting. This issue affects Flow-X: before 4.0...
Node.js: Permissions policies can be bypassed via process.mainModule
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using process.mainModule.require. This only...
SUSE-SU-2023:1701-1 Security update for grub2
This security update of grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb (bsc#1205182). - Bump upstream SBAT generation to 3 - rebuild the package with the new secure boot key bsc120918...
PT-2023-3590 · Apple +7 · macOS Ventura +13
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.4; macOS Ventura versions prior to 13.3; iOS versions prior to 16.4; iPadOS versions prior to 16.4; iOS versions prior to 15.7.4; iPadOS versions prior to 15.7.4; tvOS versions prior to 16.4; watchOS versions prior to 9.4...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +80 more potentially affected by CVE-2023-25676 via tensorflow-gpu (>=1.10.1 <=2.0.4)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.2, =0.6.7, =0.1.2, =0.1.0, =0.1.2 - dragonn =0.4.2 and more Source cves: CVE-2023-25676 Source advisory: OSV:GHSA-6WFH-89Q8-44JQ...
PT-2023-9783 · ABB · Flow-X
Name of the Vulnerable Software and Affected Versions: ABB Flow-X versions prior to 4.0 Description: The issue is related to exposure of sensitive information to an unauthorized actor, allowing footprinting. This is due to insufficient protection of service data in the web service modules of the...
CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0...
Input validation
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0...
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting (XSS). This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...
UBUNTU-CVE-2023-1250
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0...
CVE-2023-1250 Code execution through ACL creation
Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0...
CVE-2023-1248
CVE-2023-1248 – Affected software and fix guidance: The vulnerability is an improper input validation flaw in OTRS/OTRS Community Edition’s Ticket Actions modules that enables Cross-Site Scripting (XSS). Affected products include OTRS 7.0.X (before 7.0.42) and OTRS Community Edition 6.0.1–6.0.34...
OTRS Code Injection Vulnerability
OTRS is a service management software application from OTRS Germany. A security vulnerability exists in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules, which originates from improper input validation. An attacker could use this vulnerability to locally execute arbitrary...
SourceCodester Monitoring of Students Cyber Accounts System Cross-Site Scripting Vulnerability
Monitoring of Students Cyber Accounts System is an application by Chris Jim Egot, an individual developer. A cross-site scripting vulnerability exists in SourceCodester Monitoring of Students Cyber Accounts System version 1.0, which stems from an issue with the file...
PT-2023-17018 · Sourcecodester · Sourcecodester Monitoring Of Students Cyber Accounts System
Name of the Vulnerable Software and Affected Versions: SourceCodester Monitoring of Students Cyber Accounts System version 1.0 Description: A problematic issue has been found in the system, affecting some unknown functionality of the file modules/balance/index.php, specifically the POST Parameter...
CVE-2022-45155
An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...
openSUSE Security Vulnerability
openSUSE is a suite of Linux-based free operating systems and open source community projects from the German company SUSE. A security vulnerability exists in SUSE openSUSE Factory obs-service-gomodules versions prior to 0.6.1, which stems from a vulnerability that allows an attacker to delete fil...