Debian: Security Advisory (DSA-5529-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5529-1] slurm-wlm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5529-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 17, 2023 https://www.debian.org/security/faq -...

CVE-2023-5441

A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash. Mitigation Do not run untrusted vim scripts as it's not recommended...

CVE-2023-5268

A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtmltaglistaction.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2023-41990

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is...

Code injection

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is...

The vulnerability of the library for processing files and network operations, hutool-json, is related to writing beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the hutool-json library for file processing and network operations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the XML.toJSONObject component in the file and network operations library hutool-json allows a attacker to cause a service failure.

The vulnerability of the XML.toJSONObject component in the library for file processing and network operations in hutool-json is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2023-4872

A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The explo...

CVE-2023-4852 IBOS OA optimize sql injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

Sql injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/user/export&uid=X. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2023-38831

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

CVE-2023-4448

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit h...

CVE-2023-4436

A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/editupdate.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated...

While trying to gather logs the file shows "Could not process the file. File size is too large".

- While trying to reach the logs via the ADC GUI it says "Could not process the file. File size is too large " - The file is not that large less than 1-5 MB and can be observed via CLI or extracted via SFTP. - Only fails via GUI...

Buffer Overflow

osslsigncode is vulnerable to Buffer Overflows. This vulnerability occurs due to a flaw in the way that mtrojnar osslsigncode handles the processing of large files. An attacker can exploit this vulnerability to cause a denial-of-service DoS attack or potentially execute arbitrary code on the syst...

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the execution of operations beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the execution of operations beyond the buffer boundaries in memory when processing STP files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the CrashAlwaysIf function in the PDF, EPUB, MOBI, FB2, CHM, XPS, and DjVu formats allows a perpetrator to trigger a service failure.

The vulnerability of the CrashAlwaysIf function in the PDF, EPUB, MOBI, FB2, CHM, XPS, and DjVu formats processing documents by SumatraPDF is related to the copying of buffers without checking the size of the input data when processing text files first.txt and second.txt. Exploiting this...

CVE-2023-3986

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. Th...

CVE-2023-32418

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution...