Lucene search

6678 matches found

Tenable Nessus
added 2023/03/21 12:0 a.m. · 70 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-114)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-114 advisory. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This...

CVSS 9.1 · AI score 6.3 · EPSS 0.00108
Exploits 2 · References 8

Talos
added 2023/03/21 12:0 a.m. · 328 views

Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability

Talos Vulnerability Report TALOS-2022-1595 Netgear Orbi Router RBR750 hidden telnet service command execution vulnerability March 21, 2023 CVE Number CVE-2022-38452 SUMMARY A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A...

CVSS 8.8 · AI score 8.1 · EPSS 0.00325
Exploits 1

Tenable Nessus
added 2023/03/20 12:0 a.m. · 39 views

CBL Mariner 2.0 Security Update: kernel (CVE-2022-1882)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1882 advisory. - A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs manipulation...

CVSS 7.8 · AI score 6.5 · EPSS 0.0004
Exploits 0 · References 2

OSV
added 2023/03/17 7:15 a.m. · 0 views

UBUNTU-CVE-2023-1452

A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/loadtext.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit...

CVSS 7.8 · AI score 6.5 · EPSS 0.00171
Exploits 1 · References 3

Positive Technologies
added 2023/03/17 12:0 a.m. · 4 views

PT-2023-16990 · Unknown · Watchdog Anti-Virus

Name of the Vulnerable Software and Affected Versions: Watchdog Anti-Virus version 1.4.214.0 Description: A problematic vulnerability was found in Watchdog Anti-Virus, affecting the function in the library wsdk-driver.sys of the component IoControlCode Handler. This leads to denial of service. Th...

CVSS 5.5 · AI score 6.9 · EPSS 0.00158
Exploits 1 · References 7

Fedora
added 2023/03/16 6:19 p.m. · 29 views

[SECURITY] Fedora 36 Update: libtpms-0.9.6-1.fc36

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

CVSS 7.8 · AI score 6.8 · EPSS 0.00674
Exploits 0

Fedora
added 2023/03/16 12:16 a.m. · 40 views

[SECURITY] Fedora 38 Update: libtpms-0.9.6-1.fc38

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

CVSS 7.8 · AI score 6.8 · EPSS 0.00674
Exploits 0

Microsoft KB
added 2023/03/14 7:0 a.m. · 72 views

Service Update 1.16 for Microsoft Dynamics CRM (on-premises) 9.1

Service Update 1.16 for Microsoft Dynamics CRM on-premises 9.1 Dynamics 365 Introduction Service Update 9.1.16 for Microsoft Dynamics CRM on-premises 9.1 is now available. This article describes the hotfixes and updates that are included in Service Update 9.1.16. More information Update package|...

CVSS 6.5 · AI score 6 · EPSS 0.12044
Exploits 0

CNNVD
added 2023/03/14 12:0 a.m. · 2 views

Duncaen OpenDoas Security Vulnerability

Duncaen OpenDoas is a program from the individual developer Duncaen that provides limited Sudo functionality for Linux systems. A security vulnerability exists in OpenDoas 6.8.2 and earlier versions, which stems from sharing a terminal with the original session, and can be exploited by an attacke...

CVSS 8.8 · AI score 7.8 · EPSS 0.00272
Exploits 0 · References 2

OSV
added 2023/03/12 6:30 a.m. · 13 views

GHSA-66M4-GC8H-HPJX Timing attack in eZ Platform Ibexa

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...

CVSS 3.7 · AI score 3.9 · EPSS 0.0023
Exploits 0 · References 5

Hive Pro Threat Advisories
added 2023/03/10 10:0 a.m. · 13 views

New BlackSnake Ransomware Performs Clipper Operations on Cryptocurrency Users

Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary BlackSnake ransomware has been discovered with clipper functionality that intercepts and replaces the cryptocurrency wallet addresses of victims with those of attacke...

AI score 3
Exploits 0

Veracode
added 2023/03/10 3:5 a.m. · 19 views

Sensitive Information Disclosure

directus is vulnerable to Sensitive Information Disclosure. The vulnerability exists because users with read access to the password field in directus_users can extract the argon2 password hashes by brute-forcing the export functionality combined with a startswith filter, which allows an attacker t...

CVSS 4.3 · AI score 4.8 · EPSS 0.00301
Exploits 0 · References 4 · Affected Software 1

Code423n4
added 2023/03/09 12:0 a.m. · 9 views

Gas griefing is possible on unsafe external calls on execute

Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...

AI score 7.1
Exploits 0

OSV
added 2023/03/08 5:13 p.m. · 13 views

GHSA-M5Q3-8WGF-X8XF Directus vulnerable to extraction of password hashes through export querying

Impact Users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allows the user to enumerate the password hashes. Patches The problem has been patched by preventing any...

CVSS 6.5 · AI score 4.3 · EPSS 0.00301
Exploits 0 · References 5

GitHub Security Blog
added 2023/03/08 5:13 p.m. · 38 views

Directus vulnerable to extraction of password hashes through export querying

Impact Users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allows the user to enumerate the password hashes. Patches The problem has been patched by preventing any...

CVSS 4.3 · AI score 4.9 · EPSS 0.00301
Exploits 0 · References 5 · Affected Software 1

CVE
added 2023/03/07 2:28 p.m. · 41 views

CVE-2015-10087

CVE-2015-10087 affects UpThemes Theme DesignFolio Plus version 1.2 for WordPress. The vulnerability is an unrestricted file upload in an unknown functionality, exploitable remotely with no user interaction, and is disclosed publicly. The patch identifier 53f6ae62878076f99718e5feb589928e83c879a9 i...

CVSS 8.8 · AI score 7.6 · EPSS 0.00601
Exploits 1 · References 5 · Affected Software 1

OSV
added 2023/03/07 12:30 a.m. · 34 views

GHSA-J9CW-5CPJ-9QJ5 Moodle has a Hidden Functionality vulnerability

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk...

CVSS 5.3 · AI score 5.3 · EPSS 0.00297
Exploits 0 · References 3

GitHub Security Blog
added 2023/03/07 12:30 a.m. · 27 views

Moodle has a Hidden Functionality vulnerability

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk...

CVSS 5.3 · AI score 5.8 · EPSS 0.00297
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/03/07 12:30 a.m. · 24 views

GHSA-5GP5-VXJ6-4257 OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

CVSS 2.8 · AI score 3.9 · EPSS 0.00233
Exploits 0 · References 7

Tenable Nessus
added 2023/03/07 12:0 a.m. · 49 views

Amazon Linux 2 : curl (ALAS-2023-1986)

The version of curl installed on the remote host is prior to 7.88.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1986 advisory. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the sam...

CVSS 9.1 · AI score 6.4 · EPSS 0.00108
Exploits 2 · References 8