kernel: gpiolib: fix memory leak in gpiochip_setup_dev()
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev(). Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...
flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console
A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty...
WordPress Defender Security Plugin <= 4.2.0 is vulnerable to Bypass Vulnerability
Software: Defender Security; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2023-47189; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 9d721f7eb609; Credits: Naveen Muthusamy; Required...
Debian DSA-5545-1 : vlc - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5545 advisory. An out-of-bounds write was discovered in the MMS demuxer of the VLC media player. For the oldstable distribution (bullseye), this problem has been fixed in version...
CVE-2023-46927
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box...
CVE-2023-46928
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42...
CVE-2023-46931
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV that stems from a segmentation fault...
GPAC Security Vulnerabilities
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV, which stems from a heap buffer overflow...
USN-6463-1: Open VM Tools vulnerabilities
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to escalate privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...
AZL-31733 CVE-2023-34059 affecting package open-vm-tools for versions less than 11.3.0-3
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
GLSA-202310-14 : libinput: format string vulnerability when using xf86-input-libinput
The remote host is affected by the vulnerability described in GLSA-202310-14 (libinput: format string vulnerability when using xf86-input-libinput) - A format string vulnerability was found in libinput (CVE-2022-1215). Note that Nessus has not tested for this issue but has instead relied only on the...
UBUNTU-CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
Ubuntu 16.04 ESM : Crypto++ vulnerability (USN-4827-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4827-1 advisory. It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information. Tenable has extracte...
Denial of service
Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV...