Lucene search

2333 matches found

Cvelist
added 2023/12/04 10:57 p.m. | 14 views

CVE-2023-40463 Use of Hard-Coded Credentials

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

CVSS 8.1 | AI score 8.3 | EPSS 0.00015
Exploits 0 | References 1

OSV
added 2023/12/01 2:15 p.m. | 2 views

CVE-2023-28895

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

CVSS 6.8 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 1

NVD
added 2023/12/01 2:15 p.m. | 11 views

CVE-2023-28895

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

CVSS 6.8 | EPSS 0.00062
Exploits 0 | References 1

CVE
added 2023/12/01 1:41 p.m. | 56 views

CVE-2023-28895

The CVE-2023-28895 entry concerns Škoda MIB3 infotainment’s PoWer Controller (PWC) with a hard-coded password in the firmware. This allows an attacker with physical access to gain full control of the PWC chip on Škoda Superb III (3V3) 2.0 TDI (2022). Connected documents confirm the hardware/softw...

CVSS 6.8 | AI score 4.9 | EPSS 0.00062
Exploits 0 | References 1 | Affected Software 1

Fedora
added 2023/11/30 3:34 a.m. | 29 views

[SECURITY] Fedora 38 Update: gst-devtools-1.22.7-1.fc38

Development and debugging tools for GStreamer...

CVSS 8.8 | AI score 7 | EPSS 0.05986
Exploits 0

RedHat Linux
added 2023/11/28 3:40 p.m. | 2 views

kernel: mm/slab_common: slab_caches list corruption after kmem_cache_destroy()

In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...

CVSS 5.5 | AI score 6.7 | EPSS 0.00018
Exploits 0 | References 5

CNNVD
added 2023/11/28 12:0 a.m. | 1 views

Zyxel ATP Security Vulnerability

Zyxel ATP is a firewall from China Heqin Zyxel. A security vulnerability exists in the Zyxel ATP series that stems from an incorrect privilege management vulnerability when debugging CLI commands, which allows an authenticated, local attacker to access system files on the affected device. Affecte...

CVSS 5.5 | AI score 6.6 | EPSS 0.00072
Exploits 0 | References 1

Fedora
added 2023/11/19 1:26 a.m. | 23 views

[SECURITY] Fedora 39 Update: gst-devtools-1.22.7-1.fc39

Development and debugging tools for GStreamer...

CVSS 8.8 | AI score 6.6 | EPSS 0.05986
Exploits 0

Kitploit
added 2023/11/18 11:30 a.m. | 27 views

Bread - BIOS Reverse Engineering And Advanced Debugging

BREAD BIOS Reverse Engineering & Advanced Debugging is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code on real HW from another PC via serial cable. Introduction BREAD emerged from many failed attempts to reverse engineer legacy BIOS. Given that the vast majority -- ...

AI score 7.8
Exploits 0 | References 8

Tenable Nessus
added 2023/11/07 12:0 a.m. | 34 views

RHEL 9 : cups (RHSA-2023:6596)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6596 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups...

CVSS 7.5 | AI score 7.1 | EPSS 0.00148
Exploits 2 | References 11

Fedora
added 2023/11/03 6:57 p.m. | 36 views

[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39

GDB, the GNU debugger, allows you to debug programs written in C, C++, Fortran, Go, and other languages, by executing them in a controlled fashion and printing their data. If you want to use GDB for development purposes, you should install the 'gdb' package which will install 'gdb-headless' and...

CVSS 5.5 | AI score 7.2 | EPSS 0.00029
Exploits 2

GoogleProjectZero
added 2023/11/03 12:0 a.m. | 20 views

First handset with MTE on the market

By Mark Brand, Google Project Zero Introduction It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said to far too many people at this point to be able to back out… that I'd immediately switch to the first available device...

AI score 8
Exploits 0

GithubExploit
added 2023/10/28 8:5 p.m. | 830 views

Exploit for Heap-based Buffer Overflow in Gnu Glibc

Proof of concept for CVE-2023-4911 Looney Tunables This vu...

CVSS 7.8 | AI score 7 | EPSS 0.6505
Exploits 25

OpenVAS
added 2023/10/25 12:0 a.m. | 30 views

SUSE: Security Advisory (SUSE-SU-2023:4183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6 | EPSS 0.00113
Exploits 0 | References 7

OpenVAS
added 2023/10/25 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2023:4184-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6 | EPSS 0.00113
Exploits 0 | References 7

OpenVAS
added 2023/10/25 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2023:4185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6 | EPSS 0.00113
Exploits 0 | References 7

OSV
added 2023/10/24 2:53 p.m. | 5 views

SUSE-SU-2023:4185-1 Security update for xen

This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion XSA-440 bsc1215744. - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled XSA-442 bsc1215746. -...

CVSS 7.8 | AI score 6.3 | EPSS 0.00113
Exploits 0 | References 10

OSV
added 2023/10/24 2:52 p.m. | 4 views

SUSE-SU-2023:4184-1 Security update for xen

This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion XSA-440 bsc1215744. - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled XSA-442 bsc1215746. -...

CVSS 7.8 | AI score 6.3 | EPSS 0.00113
Exploits 0 | References 10

OSV
added 2023/10/19 2:15 a.m. | 1 views

CVE-2023-4645

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

CVSS 5.3 | AI score 6.5
Exploits 0 | References 3

Prion
added 2023/10/19 2:15 a.m. | 15 views

Design/Logic Flaw

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

CVSS 5 | AI score 5.3 | EPSS 0.00249
Exploits 0 | References 3 | Affected Software 1