1155 matches found
GHSA-FX3V-4W3W-WPWR Code injection in wix-embedded-mysql
wix-embedded-mysql v4.6.2 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument...
CVE-2023-39021
wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument...
Wix Embedded MySql code injection vulnerability
Wix Embedded MySql is an open-source embedded MySQL project from the Wix Incubator. A security vulnerability exists in Wix Embedded MySql v4.6.1 and earlier versions, which stems from a code injection vulnerability in the component com.wix.mysql.distribution.setup.apply...
Atlassian Releases Security Updates
Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these...
Microsoft Releases July 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guide and...
PT-2023-7056 · Technicolor · Technicolor Tg670
Name of the Vulnerable Software and Affected Versions: Technicolor TG670 version 10.5.N.9 Description: The issue concerns the presence of multiple accounts with hard-coded passwords in the Technicolor TG670 device. One of these accounts has administrative privileges, which can allow for...
EulerOS 2.0 SP9 : git (EulerOS-SA-2023-2312)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...
PT-2023-18008 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the load dt data function of storage.c due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privilege...
Advisory ROSA-SA-2023-2176
Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1 by submitting specially crafted input for git app...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
ImageMagick Arbitrary Read Files - CVE-2022-44268 This reposi...
AZL-27181 CVE-2023-1999 affecting package libwebp for versions less than 1.3.2-1
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...
ALPINE-CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...
Microsoft Releases June 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guide and...
GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
...
CVE-2023-34940
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-34942
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2023-25070 · Asus · Asus Rt-N10Lx Router
Name of the Vulnerable Software and Affected Versions: Asus RT-N10LX Router version 2.0.0.39 Description: A stack overflow issue was discovered via the mac parameter at the "/start-apply.html" API endpoint. This issue only affects products that are no longer supported by the maintainer...
ASUS RT-N10LX buffer error vulnerability
ASUS RT-N10LX is a router from Asus China. A security vulnerability exists in ASUS RT-N10LX Router version v2.0.0.39, which was discovered to contain a stack overflow vulnerability via the url parameter of /start-apply.html...