624 matches found
CVE-2023-25519
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges...
CVE-2023-25519
CVE-2023-25519 affects NVIDIA’s ConnectX Host Firmware for the BlueField Data Processing Unit. The issue, described as a restricted-host induced incorrect user-management error, can lead to privilege escalation if exploited. The in-field impact is consistent with a total impact on confidentiality...
PT-2023-5047 · Microsoft · Office Word +1
Name of the Vulnerable Software and Affected Versions: Microsoft Word (affected versions not specified). Description: The issue is related to errors in processing input data in Microsoft Word, allowing remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment,...
PT-2023-20131 · Nvidia · Nvidia Connectx Host Firmware
Name of the Vulnerable Software and Affected Versions: NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (affected versions not specified). Description: The issue is related to a vulnerability in the NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit, where a...
Security Bulletin: NVIDIA BlueField Data Processing Unit - September 2023
NVIDIA has released a firmware update for the NVIDIA BlueField Data Processing Unit. This update addresses security issues that may lead to escalation of privileges. To protect your system, download and install this firmware update from the NVIDIA Networking Support page. Go to NVIDIA Product...
Information disclosure
Transient DOS in Modem while processing invalid System Information Block 1...
MIT Kerberos Resource Management Error Vulnerability
MIT Kerberos is software from the Massachusetts Institute of Technology (MIT) for authentication in network clusters. Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A security vulnerability...
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First
Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of...
Input validation
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This fla...
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
Double free
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
CVE-2023-37476
OpenRefine's CVE-2023-37476 is a documented zip-slip style vulnerability in the import mechanism for tarred OpenRefine projects. It affects all versions up to 3.7.3 and can allow arbitrary code execution in the OpenRefine process when a user imports a crafted tar file. The issue is widely referen...
CVE-2023-37476 Zip slip in OpenRefine
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
Logic Flaw Vulnerability in Edge Console at AliCloud Computing Ltd.
AliCloud Computing Ltd. is the world's leading cloud computing and artificial intelligence technology company, dedicated to providing secure and reliable computing and data processing capabilities as an online public service, making computing and artificial intelligence a universal technology. A...
ROS-20230622-08
The Mozilla Thunderbird email client vulnerability is related to a boundary error in FileReader::DoReadData when reading a file. Exploitation of the vulnerability could allow a remote attacker to cause memory corruption and execute arbitrary code on the target system. memory corruption and...
PT-2023-3283 · Palo Alto Networks +1 · Globalprotect +2
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect Agent (affected versions not specified). Description: The issue is related to errors in processing input data in the GlobalProtect Agent. It allows an attacker to execute arbitrary commands with elevated...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for "/nifi" o...
Apache RocketMQ Command Execution Vulnerability
Apache RocketMQ is a lightweight data processing platform and messaging engine from the Apache Foundation (United States). A command execution vulnerability exists in Apache RocketMQ 5.1.0 and prior versions, which stems from an application failing to properly filter special elements of...