UBUNTU-CVE-2023-2911

If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versio...

Cilium 信息泄露漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. An information disclosure vulnerability exists in versions of Cilium prior to 1.13.4, which stems fr...

CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured...

UBUNTU-CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured...

CVE-2023-33198

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...

PT-2023-5099 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: The issue is related to errors in the certificate authentication procedure. An attacker may be able to choose a certificate that will be validated by the server if the "Revalidate Client...

SUSE CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

Metasploit Weekly Wrap-Up

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...

CVE-2023-28950

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358...

CVE-2023-28950

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358...

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

SUSE CVE-2001-1013

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no publichtml directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...

CLSA-2023-1683814164 git: Fix of 2 CVEs

CVE-2023-25652: removing a link instead of writing into - CVE-2023-29007: restrict the config file line length to parse it whole - tests were activated - a buffer overflow during reading of configuration's enormous value has been fixed...

CVE-2023-25070

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product...

PYSEC-2023-64

mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have...

kernel: nvme: fix multipath crash caused by flush request when blktrace is enabled

In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...

Google and Apple cooperate to address unwanted tracking

Google and Apple have announced that they are looking for input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have stated that they will support the...

CraftCMS DevMode Enabled

CraftCMS installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...

CVE-2023-22922

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.14C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device...

CVE-2023-30859 Spigot Command Exploit in Triton

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...