UBUNTU-CVE-2023-3550

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...

Important: kernel-livepatch-5.10.184-175.731

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter...

CVE-2023-43631

The CVE-2023-43631 issue affects the Pillar/EVE container in EVE OS. On boot, the container checks for /config/authorized_keys and, if a valid public key is present, enables SSH on port 22 for root login. The /config partition is not protected by measured boot, is mutable, and unencrypted, allowi...

CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...

CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...

PT-2023-32965 · Unknown · Cosmovisor

Name of the Vulnerable Software and Affected Versions: Cosmovisor versions prior to v1.0.0 Description: An issue has been identified in Cosmovisor that may result in a Denial of Service or Remote Code Execution path depending on configuration for a node or validator using the vulnerable version t...

CLSA-2023-1693906015 busybox: Fix of CVE-2022-48174

CVE-2022-48174: fix unlikely stack overflow - testsuite was enabled...

CLSA-2023-1693905084 busybox: Fix of CVE-2022-48174

CVE-2022-48174: fix unlikely stack overflow - testsuite was enabled...

Qualcomm Chipsets Buffer Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from audio memory corruption during a playback session with audio effects enabled...

GHSA-VXVM-QWW3-2FH7 MongoDB Driver may publish events containing authentication-related data

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

“The Access Policy has externally been modified and cannot be changed by Studio” warning message

After setting access policy rule, “Access Policy” option in “Edit Delivery Group” dialog cannot display. ------------------------ Add-PSSnapin -Name Citrix. Set-BrokerAccessPolicyRule 'AG' -IncludedClientIPFilterEnabled $True Set-BrokerAccessPolicyRule 'AG' -IncludedClientIPs xxx.xxx.xxx.xxx...

Important: kernel-livepatch-4.14.314-238.539

Issue Overview: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb-cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIGIPVLA...

Important: kernel-livepatch-4.14.313-235.533

Issue Overview: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb-cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIGIPVLA...

USN-6301-1 linux-hwe-5.4, linux-xilinx-zynqmp vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service infinite recursion. CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

PHP Code Issues Vulnerabilities

PHP is a scripting language for PHP that executes on the server side. PHP suffers from a code issue vulnerability that stems from loading external entities without XML enabled, resulting in a local file disclosure. Affected products and versions: PHP version 8.0 prior to 8.0.30, version 8.1 prior...

Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Interpol has announced the takedown of a phishing-as-a-service PhaaS platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,...

Ubiquiti UniFi Input Validation Error Vulnerability

Ubiquiti UniFi is a wireless networking system from Ubiquiti, Inc. A security vulnerability exists in Ubiquiti UniFi Access Points 6.5.50 and earlier, and Switches 6.5.32 and earlier, which stems from an integer overflow vulnerability in UniFi Access Points and Switches except Switch Flex Mini wi...

PYSEC-2023-321

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...

PT-2023-6277

Name of the Vulnerable Software and Affected Versions WireGuard client version 0.5.3 Description The issue is related to errors in handling links, allowing a remote attacker to block IP traffic to selected IP addresses. This can be exploited to trick the victim into blocking IP traffic to chosen ...

CVE-2023-38176

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability...