Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code executio...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors...

PT-2023-3920 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient input validation in the Windows OLE technology, which allows binding and embedding objects into other documents and objects. This can lead to remote cod...

PT-2023-9603 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x Description: The use of the deprecated API process.binding can bypass the permission model through path traversal, potentially allowing a remote attacker to bypass security restrictions and gain unauthorized access to...

[SECURITY] Fedora 38 Update: tang-14-1.fc38

Tang is a small daemon for binding data to the presence of a third party...

postgresql security update

13.11-1.0.1 - Fixed postgresql port binding issue during bootup Orabug: 35420628 13.11-1 - Update to 13.11 - Resolves: 2207935...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 70, which stems from the possibility that an infected child process may inject XBL bindings into privileged CSS rules, leading to...

PT-2025-38212

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2-rc5-00047-g7c46948a6e9c Description A flaw exists in the Linux kernel related to the fsl-mc bus driver. Changes introduced by VFIO caused the creation of a pseudo-device as a child of fsl-mc devices, leading ...

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Today, CISA issued Binding Operational Directive BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch FCEB agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This...

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-2230)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-2217)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

Hardcoded credentials

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

The vulnerability of the Apache InLong data integration platform lies in the improper assignment of permissions to critical resources, allowing attackers to increase their privileges and perform arbitrary cluster binding.

The vulnerability of the Apache InLong data integration platform is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability can allow an attacker to enhance their privileges and perform arbitrary cluster binding...

CVE-2023-31454 Apache InLong: IDOR make users can bind any cluster

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

CVE-2023-31454 Apache InLong: IDOR make users can bind any cluster

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32409 Apple Multiple Products WebKit Sandbox Escape Vulnerability CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability CVE-2023-323...