Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables

Impact This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri...

Amazon Linux 2 : containerd (ALASECS-2023-014)

The version of containerd installed on the remote host is prior to 1.4.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-014 advisory. A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image...

CVE-2023-46115 Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

CVE-2023-46115 Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

CVE-2023-3042

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...

CVE-2023-3042

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...

Design/Logic Flaw

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp...

CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...

CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp , which should return a 404 response b...

Medium: containerd

Issue Overview: A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data...

OESA-2023-1723 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2023-1724 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

GHSA-RR4X-CRHF-8886 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. Let's say if a token is sent via variables, the following reques...

Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. Let's say if a token is sent via variables, the following reques...

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

glibc ld.so Local Privilege Escalation Vulnerability

Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBCTUNABLES environment variable. This vulnerability was introduced in April 2021 glibc 2.34 by commit 2ed18c. Looney Tunables: Local Privilege Escalation in the glibc's ld....

glibc: buffer overflow in ld.so leading to privilege escalation

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable socks5resolvelocal could get the wrong value during a slow SOCKS5 handshak...

CVE-2023-3665

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code...