CVE-2023-41892 Craft CMS Remote Code Execution vulnerability
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Microsoft Windows Defender Security Vulnerability
Microsoft Windows Defender is a suite of antivirus software that comes with Windows systems from Microsoft USA. A security vulnerability exists in Microsoft Windows Defender. An attacker exploiting the vulnerability could bypass certain features...
PT-2023-15808 · Unknown · Control De Ciber
Name of the Vulnerable Software and Affected Versions: Control de Ciber version 1.650 Description: The issue is a Buffer Overflow vulnerability in the printing function. It occurs when an administrator tries to accept or delete a print query created by a modified request sent by an attacker. This...
ROS-20230911-09
A vulnerability in the XML document merge mechanism (XInclude) of the vector graphics rendering library librsvg is caused by improper limitation of a pathname to a restricted directory when processing the xi:include element. Exploitation of the vulnerability may allow an intruder to gain unauthorized...
ALSA-2023:5081 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Arbitrary file read when xinclude href has special characters CVE-2023-38633 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Arbitrary file read when xinclude href has special characters CVE-2023-38633 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
matrix-media-repo Cross-Site Scripting Vulnerability
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cross-site scripting vulnerability exists in matrix-media-repo versions prior to 1.3.0, which originates from a vulnerability that allows an attacker to upload an SVG image containing JavaScript script to a serv...
Oracle Linux 5 : setroubleshoot (ELSA-2008-0061)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0061 advisory. setroubleshoot: 2.0.5-3.0.1.el5 - replace missed references to bugzilla.redhat.com with linux.oracle.com 2.0.5-3 - Resolve: bug 436564: socket.getsocko...
A vulnerability in the `retry-delay` option of the cURL command-line utility allows an attacker to cause a denial of service.
The vulnerability in the retry-delay option of the cURL command-line utility is caused by an integer overflow. Exploiting this vulnerability could allow an attacker to cause a denial of service...
DRUPAL-CONTRIB-2023-044
The Webprofiler module provides a way of displaying the Symfony profiler debugging tool at the bottom of each page. The abbr_class Twig filter can be used to bypass the Twig auto-escape feature. This vulnerability is mitigated by the fact that it is only exposed when the filter is specifically use...
QakBot's Endgame: The Final Move Before the Takedown
QakBot's Endgame: The Final Move Before the Takedown. By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023. Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
Options could not be settled, causing liquidity to get locked in the vault
Vulnerability details. Impact: In the settle logic, the RdpxV2Core contract calls PerpetualAtlanticVault.settle to update funding, burn option tokens and perform some token settlements. However, the logic could revert in the call...
WordPress plugin ProfileGrid Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...
OSV-2023-769 Index-out-of-bounds in derive_spatial_luma_vector_prediction
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61844 Crash type: Index-out-of-bounds Crash state: derive_spatial_luma_vector_prediction fill_luma_motion_vector_predictors motion_vectors_and_ref_indices...
PT-2023-35986 · Git +1 · Kimageformats
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to an index-out-of-bounds crash. Technical details about the crash include the functions derive spatial luma vector prediction, fill...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2023-23774
CVE-2023-23774 affects the Motorola EBTS/MBTS Site Controller. The vulnerability arises when an unhandled exception causes the device to drop to a debug prompt on the serial port, which an attacker with physical access can trigger. This can potentially allow extraction of secret key material and/...
The vulnerability in the firmware of the TP-Link Tapo L530 Wi-Fi light controller lies in the lack of the ability to use an arbitrary initialization vector in the encryption mode. This allows attackers to execute a brute-force attack.
The vulnerability in the firmware of TP-Link Tapo L530 Wi-Fi bulbs is related to the lack of the ability to use an arbitrary initialization vector with encryption blocks enabled. Exploiting this vulnerability allows an attacker operating remotely to execute a brute-force attack...