Amazon Linux 2023 : minizip-compat, minizip-compat-devel, zlib (ALAS2023-2023-410)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-410 advisory. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39

GDB, the GNU debugger, allows you to debug programs written in C, C++, Fortran, Go, and other languages, by executing them in a controlled fashion and printing their data. If you want to use GDB for development purposes, you should install the 'gdb' package which will install 'gdb-headless' and...

Eclipse Glassfish Security Vulnerability

Eclipse GlassFish is an open source application server from the Eclipse Foundation. A security vulnerability exists in Eclipse Glassfish versions 5 and 6, which stems from the use of older versions of the JDK versions prior to 6u211, prior to 7u201, and prior to 8u191, and can be exploited by an...

SUSE: Security Advisory (SUSE-SU-2023:4287-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

PT-2023-6819 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev605-gfc9e29089-master Description: The issue is related to a heap-buffer-overflow in the gf isom use compact size function of the GPAC multimedia platform. This can be exploited to cause a denial of service. The...

The vulnerability of multi-platform software for local development and website debugging, caused by buffer overflows, allows attackers to trigger service failures.

The vulnerability of multi-platform software for local website development and debugging is due to buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

SUSE: Security Advisory (SUSE-SU-2023:4287-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

UBUNTU-CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

SUSE: Security Advisory (SUSE-SU-2023:4269-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature

baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...

CVE-2023-43649

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

Directory traversal

baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue...

Cross site scripting

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVE-2023-43649

CVE-2023-43649 affects baserCMS prior to version 4.8.0, where the content preview feature is vulnerable to CSRF due to inadequate verification of the request source. The underlying issue allows a forged request to perform a sensitive operation on behalf of an authenticated user. Documented impact...

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...