PT-2023-31158 · Unknown +3 · Gnu Core Utilities +3

Name of the Vulnerable Software and Affected Versions: OpenZFS versions 2.1.13 and earlier OpenZFS versions 2.2.x through 2.2.1 Description: The issue is related to the replacement of file contents with zero-valued bytes, potentially disabling security mechanisms in certain scenarios involving...

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

Oracle Linux 8 : libmicrohttpd (ELSA-2023-7090)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7090 advisory. 1:0.9.59-3 - Add cve-2023-27371.patch Related: rhbz2174639 CVE-2023-27371 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 8 : emacs (ELSA-2023-7083)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7083 advisory. 1:26.1-11 - Bump version Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...

OESA-2023-1827 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function...

OESA-2023-1825 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function...

CVE-2023-44442

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

CVE-2023-44444

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

CVE-2023-44443

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

Vulnerabilities fixed in GIMP

Vulnerabilities have been fixed in GIMP. A malicious person could vulnerabilities to execute arbitrary code with victim's privileges, potentially gaining access to sensitive data. Successful exploitation requires the malicious party to trick the victim into opening a rogue file. The developers of...

Oracle Linux 9 : gmp (ELSA-2023-6661)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6661 advisory. 1:6.2.0-13 - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpnpreinvdivrem1 should now not be removed Related:...

CVE-2023-44444

GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...

FreeBSD : typo3 -- Multiple vulnerabilities (7cc003cb-83b9-11ee-957d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7cc003cb-83b9-11ee-957d-b42e991fc52e advisory. - TYPO3 is an open source PHP based web content management system released under the GNU GPL. ...

Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)

Summary Vulnerability with GNU glibc - CVE-2023-4911 and libcURL CVE-2023-38545 & CVE-2023-38546 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-4911 DESCRIPTION: glibc could allow a local authenticated attacker to gain elevated privileges...

CVE-2023-47126

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

CVE-2023-47127

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the...

CVE-2023-47125

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

Design/Logic Flaw

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory e.g. /var/www/html/var/transient/. This applies to composer-based scenarios only...

Cross site scripting

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

CVE-2023-47125

CVE-2023-47125 affects TYPO3’s html-sanitizer: DOM processing instructions are not handled correctly, allowing bypass of the built-in XSS protection. Affected TYPO3/core-html-sanitizer versions are mitigated by upgrading to 1.5.3 or 2.1.4, which fix the issue. The vulnerability arises in the sani...