
3099 matches found

Positive Technologies
added 2024/01/01 12:0 a.m. · 3 views

PT-2024-12403 · Unknown · Linux Graphics

Name of the Vulnerable Software and Affected Versions: Linux Graphics affected versions not specified Description: The issue is related to memory corruption that occurs while running VK synchronization with KASAN enabled. This problem is also described as a Use-After-Free (UAF) in Linux Graphics. N...

8.4 CVSS · 6.8 AI score · 0.00119 EPSS
Exploits: 0 · References: 6
Fedora
added 2023/12/22 2:44 a.m. · 22 views

[SECURITY] Fedora 39 Update: nss-3.95.0-1.fc39

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

7.3 AI score
Exploits: 0
Citrix
added 2023/12/21 12:0 a.m. · 6 views

What is the parameter doppler under show system parameter

What does the doppler parameter mean? show system parameter | grep -i doppler Doppler: ENABLED...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/12/20 8:39 a.m. · 33 views

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...

7.2 AI score
Exploits: 0
ATTACKERKB
added 2023/12/15 4:15 p.m. · 3 views

CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

8.1 CVSS · 5.8 AI score · 0.00379 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/12/15 4:15 p.m. · 0 views

UBUNTU-CVE-2023-6680

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication...

8.1 CVSS · 5.8 AI score · 0.00379 EPSS
Exploits: 0 · References: 2
Citrix
added 2023/12/14 12:0 a.m. · 147 views

User session fails to launch session Received an invalid packet during its ?? handshake phase

In System Event log on the VDA a TDICA event 1019 appears. "The Citrix TDICA Transport Driver connection from xxx.xxx.xxx.xxx: to port 443 received an invalid packet during its ?? handshake phase" There is however no issue launching the session and no disconnection takes place. In this scenario th...

7 AI score
Exploits: 0
Cvelist
added 2023/12/14 12:0 a.m. · 31 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...

10 AI score · 0.01527 EPSS
Exploits: 1 · References: 2
Microsoft KB
added 2023/12/12 8:0 a.m. · 236 views

December 12, 2023—KB5033420 (Monthly Rollup)

December 12, 2023—KB5033420 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

8.8 CVSS · 7.3 AI score · 0.92817 EPSS
Exploits: 0
VulnCheck KEV
added 2023/12/12 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2020-7796

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled...

9.8 CVSS · 7.4 AI score · 0.85416 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2023/12/06 11:30 p.m. · 1 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1 CVSS · 7.1 AI score · 0.01713 EPSS
Exploits: 0 · References: 5
VulnCheck KEV
added 2023/12/01 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-29441

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

9.8 CVSS · 7.4 AI score · 0.74818 EPSS
Exploits: 1 · References: 1
SUSE CVE
added 2023/11/30 2:4 a.m. · 4 views

SUSE CVE-2023-45286

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

5.9 CVSS · 9.2 AI score · 0.00728 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/11/29 12:0 a.m. · 3 views

PT-2023-8934 · Unknown · Freertos Kernel

Name of the Vulnerable Software and Affected Versions: FreeRTOS Kernel versions through 10.6.1 Description: The issue is related to insufficient protection against local privilege escalation via Return Oriented Programming techniques, should a vulnerability exist that allows code injection and...

8.8 CVSS · 7.9 AI score · 0.0024 EPSS
Exploits: 0 · References: 9
OSV
added 2023/11/28 5:15 p.m. · 6 views

AZL-32050 CVE-2023-45286 affecting package packer for versions less than 1.8.7-1

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

5.9 CVSS · 6.2 AI score · 0.00728 EPSS
Exploits: 1 · References: 1
RedHat Linux
added 2023/11/28 4:9 p.m. · 1 views

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8 CVSS · 6.7 AI score · 0.00344 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/28 3:40 p.m. · 2 views

kernel: mm/slab_common: slab_caches list corruption after kmem_cache_destroy()

In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...

5.5 CVSS · 6.7 AI score · 0.00222 EPSS
Exploits: 0 · References: 5
OSV
added 2023/11/22 4:15 p.m. · 4 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3 CVSS · 5.8 AI score · 0.00524 EPSS
Exploits: 0 · References: 3
NVD
added 2023/11/22 4:15 p.m. · 28 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3 CVSS · 0.00524 EPSS
Exploits: 0 · References: 3
Cvelist
added 2023/11/22 3:33 p.m. · 27 views

CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3 CVSS · 4.8 AI score · 0.00524 EPSS
Exploits: 0 · References: 3