python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious too big networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Improper access control

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity...

CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity...

CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity...

CVE-2022-23830

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity...

mod_auth_openidc: NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied

A flaw was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of...

kernel: tcp: tcp_make_synack() can be called from process context

In the Linux kernel, the following vulnerability has been resolved: tcp: tcpmakesynack can be called from process context tcprtxsynack now could be called in process context as explained in 0a375c822497 "tcp: tcprtxsynack can be called from process context". tcprtxsynack might call tcpmakesynack,...

kernel: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device On GPUs with RAS enabled, below call trace and hang are observed when shutting down device. v2: use DRM device unplugged flag instead of shutdown flag as the...

CVE-2023-20086

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. This vulnerability is due to improper processing of ICMPv6 messages. A...

SUSE CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

GHSA-XFRJ-6VVC-3XM2 Apache Santuario - XML Security for Java are vulnerable to private key disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

CVE-2023-4645

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

PT-2023-29709 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.6.2 Description: Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, any Directus installation that has websockets enabled can be crashed if the websocket server...

node-undici: cookie leakage

A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have...

CVE-2023-4933

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

CVE-2023-36843

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework jsf module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine pfe and thereby resulting in a Denial of Service DoS. Upon...

CVE-2023-45226 BIG-IP Next SPK SSH vulnerability

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...