1139 matches found

OSV
added 2023/08/29 2:15 a.m. · 1 views

CVE-2023-1995

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before...

7.5 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits: 0 · References: 1

Prion
added 2023/08/14 10:15 p.m. · 22 views

Out-of-bounds

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7 CVSS · 5.1 AI score · 0.00104 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/08/14 9:0 p.m. · 10 views

CVE-2023-21271

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.2 AI score · 0.00087 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2023/08/14 12:0 a.m. · 61 views

Amazon Linux 2 : cri-tools (ALAS-2023-2194)

The version of cri-tools installed on the remote host is prior to 1.26.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2194 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

7.5 CVSS · 7 AI score · 0.04561 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/08/09 12:0 a.m. · 3 views

PT-2023-19632 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Guardian/CMC versions prior to 22.6.2 Description: The issue arises under certain conditions, influenced by timing and the usage of the Chrome web browser, where the user session is not always fully invalidated upon logout. This allows an...

7 CVSS · 6.3 AI score · 0.00137 EPSS
Exploits: 0 · References: 7

OSV
added 2023/08/01 12:0 a.m. · 20 views

ASB-A-269456018

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 5.1 AI score · 0.00104 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2023/07/31 6:19 p.m. · 19 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.3 CVSS · 6.7 AI score · 0.00672 EPSS
Exploits: 0 · References: 2

Code423n4
added 2023/07/30 12:0 a.m. · 6 views

Inability of Followers and Followees to Commenting

Lines of code Vulnerability details Impact The lack of functionality restricts interaction and engagement between the profile owner and their followers or the users they follow. This limitation diminishes the platform's value, as users who are interested in a post or have a genuine reason to...

7 AI score
Exploits: 0

MSRC
added 2023/07/20 7:0 a.m. · 15 views

Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends acros...

7.2 AI score
Exploits: 0

Vulnrichment
added 2023/07/13 2:4 a.m. · 18 views

CVE-2023-3343 User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection

The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP...

8.8 CVSS · 7.5 AI score · 0.00949 EPSS
Exploits: 0 · References: 3

Prion
added 2023/07/13 12:15 a.m. · 14 views

Out-of-bounds

In DMPixelLoggerProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5 CVSS · 7.1 AI score · 0.00344 EPSS
Exploits: 0 · References: 1

OSV
added 2023/07/12 6:19 p.m. · 3 views

DRUPAL-CONTRIB-2023-030

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module doesn't sufficiently ensure all core login routes, including the password reset page, require a second factor credential. This vulnerability is mitigated ...

7.1 AI score
Exploits: 0 · References: 1

OSV
added 2023/07/12 9:15 a.m. · 2 views

CVE-2023-33902

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS · 5.9 AI score · 0.00153 EPSS
Exploits: 0 · References: 1

OSV
added 2023/07/12 9:15 a.m. · 3 views

CVE-2023-33901

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS · 5.9 AI score · 0.00084 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/12 9:15 a.m. · 13 views

CVE-2023-33890

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS · 5.3 AI score · 0.00092 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/12 9:15 a.m. · 12 views

CVE-2023-33880

In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

3.3 CVSS · 3.7 AI score · 0.00088 EPSS
Exploits: 0 · References: 1

OSV
added 2023/07/12 9:15 a.m. · 3 views

CVE-2023-30931

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS · 5.9 AI score · 0.0008 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/12 9:15 a.m. · 15 views

CVE-2023-30918

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 CVSS · 5.3 AI score · 0.0008 EPSS
Exploits: 0 · References: 1

Prion
added 2023/07/12 9:15 a.m. · 13 views

Information disclosure

In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

1.7 CVSS · 5.2 AI score · 0.00092 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/07/12 8:32 a.m. · 19 views

CVE-2023-33901

In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

5.5 AI score · 0.00084 EPSS
Exploits: 0 · References: 1