CVE-2023-22940

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language SPL command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

PT-2023-18777 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows a search to bypass safeguards for risky commands using the pivot search processing...

PT-2023-18784 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue concerns aliases of the collect search processing language SPL command, including...

PT-2023-18786 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: A cross-site request forgery in the Splunk Secure Gateway SSG app in the 'kvstore client' REST endpoi...

CLSA-2023-1675986271 sudo: Fix of CVE-2023-22809

CVE-2023-22809: do not permit editor arguments to include "--" for sudoedit - build tests have been enabled...

CLSA-2023-1675985571 sudo: Fix of CVE-2023-22809

CVE-2023-22809: do not permit editor arguments to include "--" for sudoedit - build tests have been enabled...

openvswitch: Out-of-Bounds Read in Organization Specific TLV

A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service...

Upgraded Q -> 2 from #769 [1675429128999]

Judge has assessed an item in Issue 769 as 2 risk. The relevant finding follows: L-1 requireNextActiveMultisig always returns the 1st enabled Multisig Relevant code: As the name suggested, MultisigManager.requireNextActiveMultisig should return the next enabled Multisig. However, it actually alwa...

Arbitrary Command Execution

openmage/magento-lts is vulnerable to Arbitrary Command Execution. The vulnerability is due to the validateAgainstBlockMethodBlacklist function in Security.php which doesn't prevent custom layout enabled admin users from executing malicious commands via block methods...

Kerberos Authentication Check Scanner

This module will test Kerberos logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Kerberos accounts which do not require pre-authentication...

CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...

Contec CONPROSYS HMI System SQL注入漏洞

Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System version 3.5.0 and prior versions, which can be exploited to execute arbitrary...

PT-2023-2886 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor affected versions not specified Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

PT-2023-2889 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor affected versions not specified Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

GSD-2023-1000333 Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled

Kconfig.debug: provide a little extra FRAMEWARN leeway when KASAN is enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.268 by commit...

PT-2023-33314 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.158 Description: The issue provides extra FRAME WARN leeway when KASAN is enabled. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

PT-2023-33455 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to a crash caused by a flush request when blktrace is enabled, potentially affecting the nvme module. The actual impact and attack plausibility have not yet been proven...

App Layering - PVS Connector with Offload Enabled - Task Error "404 (Not Found)"

App Layering PVS connector with offload enabled "An unexpected system error occurred. Retry the operation or contact technical support. Exception Message: Response status code does not indicate success: 404 Not Found"...

CVE-2023-22394 Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services DoS. This issue occurs on all MX Series platforms with MS-MPC or MS-MI...