2174 matches found
AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
CVE-2023-45142
CVE-2023-45142 affects OpenTelemetry-Go Contrib when using the otelhttp.NewHandler wrapper without filtering; the handler logs every HTTP method and User-Agent via httpconv.ServerRequest, enabling unbounded cardinality and potential memory exhaustion under many malicious requests. The root cause ...
MAL-2023-8113 Malicious code in developer-scaffold-full-width-wrapper (npm)
Source: ghsa-malware de16c923e65362f8728b3d71ad9d78042c8f28793d8d720d387faf6316d8b174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: bypass of shadow stack protection due to a logic error
A vulnerability was found in the __efi_rt_asm_wrapper of the efi-rt-wrapper.S in the Linux kernel, where there is a possible bypass of shadow stack protection due to a logic error in the code. This flaw could lead to local escalation of privilege without additional execution privileges needed...
GHSA-92RV-4J2H-8MJJ Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...
Oracle Linux 5 : gdm (ELSA-2009-1364)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1364 advisory. 1:2.16.0-56 - Resolves: 239818 181302 - Fix tcp wrappers detection on 64-bit 1:2.16.0-55 Resolves: 196054 - Fix docs subpackage Requires 1:2.16.0-53 Resolves:...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
nftables oob read/write exploit CVE-2023-35001 Exploit used...
CVE-2023-38704
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
Malicious code in ent-screenshare-wrapper (npm)
Source: ossf-package-analysis 94755502800ea05db666be828c8c519ddcf3af8673105b958701a6b3b231197c The OpenSSF Package Analysis project identified 'ent-screenshare-wrapper' @ 3.4.8 npm as malicious. It is considered malicious because: - The...
MAL-2023-1173 Malicious code in ent-screenshare-wrapper (npm)
Source: ossf-package-analysis 94755502800ea05db666be828c8c519ddcf3af8673105b958701a6b3b231197c The OpenSSF Package Analysis project identified 'ent-screenshare-wrapper' @ 3.4.8 npm as malicious. It is considered malicious because: - The...
WordPress Device Wrapper Plugin < 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Device Wrapper; Type: Plugin; Vulnerable versions: 1.1.1; Fixed in: 1.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: dffe70065f07; Credits: Rafie Muhammad (Patchstack); Required...
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when using a specially crafted wrapper using certain options. (CVE-2023-30442)
Summary: IBM® Db2® federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. Vulnerability Details: CVEID: CVE-2023-30442 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server federated server is...
CVE-2023-30442
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
Design/Logic Flaw
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
CVE-2023-30442 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202...
CVE-2023-35863
In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access...