[SECURITY] Fedora 39 Update: libcxx-17.0.2-1.fc39

libc++ is a new implementation of the C++ standard library, targeting C++11...

CVE-2023-1194 Use-after-free in parse_lease_state()

An out-of-bounds OOB memory read flaw was found in parseleasestate in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of NameOffset in the parseleasestate...

Upgraded Q -> 2 from #430 [1699028562977]

Judge has assessed an item in Issue 430 as 2 risk. The relevant finding follows: It’s not clear which token the OD token will be paired with in order to determine the price in the uniV3Relayer contract. Then the following lines are problematic: baseAmount = uint12810...

Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory. - Microsoft Edge Chromium-based Remote Code Execution Vulnerability CVE-2023-36022,...

CLSA-2023-1698946014 sqlite: Fix of CVE-2022-35737

CVE-2022-35737: increase the size of loop variables in the printf implementation...

Chromium: CVE-2023-5851 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2023-5857 Inappropriate implementation in Downloads

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Design/Logic Flaw

A use-after-free flaw was found in setupasyncwork in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work...

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

Design/Logic Flaw

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...

Cross site scripting

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...

CVE-2023-5858

The CVE-2023-5858 entry concerns Google Chrome’s WebApp Provider: an inappropriate implementation in Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate the security UI via a crafted HTML page. The issue is categorized as Low severity by Chromium, with CVSSv3.1 metrics: AV:N/AC:...

CVE-2023-5851

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

CVE-2023-5480

CVE-2023-5480 affects Chromium-based browsers (Google Chrome/Chromium) with versions prior to 119.0.6045.105. It describes an inappropriate implementation in Payments that could allow a remote attacker to bypass XSS protections via a malicious file. Public advisories in this set confirm remediati...

CVE-2023-20042

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...

CVE-2023-5627

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service...

CVE-2023-5627 Incorrect Implementation of Authentication Algorithm Vulnerability

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service...

CVE-2023-5627 Incorrect Implementation of Authentication Algorithm Vulnerability

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service...