Lucene search
7647 matches found

Vulnrichment
added 2023/07/31 3:34 p.m. · 10 views

CVE-2023-3817 Excessive time spent checking DH q parameter value

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

AI score: 7 · EPSS: 0.02577
Exploits: 0 · References: 5

OpenVAS
added 2023/07/31 12:0 a.m. · 30 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2489)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.59501
Exploits: 0 · References: 2

OpenVAS
added 2023/07/31 12:0 a.m. · 31 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2464)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.59501
Exploits: 0 · References: 2

GithubExploit
added 2023/07/29 7:58 p.m. · 528 views

Exploit for Improper Authentication in Ivanti Endpoint_Manager_Mobile

CVE-2023-35078 shodan dorks You can use the following sho...

CVSS: 10 · AI score: 9.6 · EPSS: 0.99999
Exploits: 14

OSV
added 2023/07/28 5:15 a.m. · 4 views

CVE-2023-37285

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges...

CVSS: 9.8 · AI score: 6.1 · EPSS: 0.00948
Exploits: 0 · References: 8

Prion
added 2023/07/28 5:15 a.m. · 42 views

Cross site scripting

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges...

CVSS: 7.5 · AI score: 8.3 · EPSS: 0.00948
Exploits: 0 · References: 8 · Affected Software: 3

Vulnrichment
added 2023/07/28 4:30 a.m. · 18 views

CVE-2023-37285

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges...

AI score: 7.2 · EPSS: 0.00948
Exploits: 0 · References: 8

CVE
added 2023/07/28 4:30 a.m. · 205 views

CVE-2023-37285

CVE-2023-37285 is an out-of-bounds read vulnerability in Apple platforms. The issue could allow an app to execute arbitrary code with kernel privileges. It is fixed in iOS/iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, and macOS Ventura 13.5. Exploitation status and in-the-wild detai...

CVSS: 9.8 · AI score: 8.3 · EPSS: 0.00948
Exploits: 0 · References: 8 · Affected Software: 3

CNVD
added 2023/07/27 12:0 a.m. · 7 views

AdvanceMAME Stack Buffer Overflow Vulnerability

AdvanceMAME is a port of the MAME 0.106 and MESS 0.106 emulators from AdvanceMAME, Inc. For arcade monitors and TVs, also for LCD and PC monitors. AdvanceMAME suffers from a stack buffer overflow vulnerability due to incorrect bounds checking performed by function png_convert_4 in file...

CVSS: 7.1 · AI score: 8.1 · EPSS: 0.00276
Exploits: 1 · References: 1

OSV
added 2023/07/26 5:15 p.m. · 4 views

DEBIAN-CVE-2023-30577

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.00459
Exploits: 1 · References: 1

OSV
added 2023/07/26 5:15 p.m. · 2 views

UBUNTU-CVE-2023-30577

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.00459
Exploits: 1 · References: 6

CVE
added 2023/07/26 1:59 a.m. · 345 views

CVE-2023-2640

CVE-2023-2640 describes a local privilege-escalation in Ubuntu kernels where overlayfs allows an unprivileged user to set privileged trusted.overlayfs.* xattrs on mounted files due to a skip-permission-check in overlayfs. This affects Ubuntu kernel builds carrying the c914c0e27eb0 change paired w...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.15783
Exploits: 12 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/07/26 12:0 a.m. · 6 views

PT-2023-8692 · Amanda +2

Name of the Vulnerable Software and Affected Versions: AMANDA versions prior to 3.5.4 Description: The issue is related to the mishandling of argument checking for runtar.c in the AMANDA software, which can be exploited to elevate privileges. This is a different issue than previously reported...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.01246
Exploits: 4 · References: 39

Tenable Nessus
added 2023/07/26 12:0 a.m. · 25 views

AIX 7.3 TL 1 : zlib (IJ44986)

https://vulners.com/cve/CVE-2022-37434 zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.1593
Exploits: 1 · References: 2

Tenable Nessus
added 2023/07/26 12:0 a.m. · 19 views

EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2023-2431)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script...

CVSS: 10 · AI score: 7.5 · EPSS: 0.95764
Exploits: 6 · References: 4

BDU FSTEC
added 2023/07/26 12:0 a.m. · 4 views

The vulnerability of the lxmldbc_system() function in D-Link DIR-600 B5 router software allows for the execution of arbitrary commands.

The vulnerability of the lxmldbc_system function in D-Link DIR-600 B5 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS: 10 · AI score: 7.5 · EPSS: 0.33154
Exploits: 2 · References: 5 · Affected Software: 1

Cvelist
added 2023/07/25 10:6 p.m. · 33 views

CVE-2023-38503 Directus has Incorrect Permission Checking for GraphQL Subscriptions

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. user_created IS $CURRENT_USER) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event o...

CVSS: 5.7 · AI score: 6.8 · EPSS: 0.00426
Exploits: 0 · References: 2

Fedora
added 2023/07/23 1:24 a.m. · 29 views

[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37

gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.00531
Exploits: 0

Debian CVE
added 2023/07/20 2:57 p.m. · 42 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

CVSS: 5.3 · AI score: 6.4 · EPSS: 0.62606
Exploits: 0

Samba
added 2023/07/19 12:0 a.m. · 83 views

Samba Spotlight mdssvc RPC Request Type

Description: When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the function...

CVSS: 5.3 · AI score: 6.6 · EPSS: 0.62606
Exploits: 0