1045 matches found
CVE-2023-41081 Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request
Important: Authentication Bypass CVE-2023-41081. The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an...
Apache Tomcat Security Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). The program implements support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat, which stems from the fact that mod_jk uses an implicit mapping when the...
PT-2023-6220 · Mozilla +3 · Network Security Services +3
Name of the Vulnerable Software and Affected Versions: Network Security Services (NSS) versions prior to 3.61. Description: The issue is related to the implementation of the PKCS#1 v1.5 standard in the NSS library, which was leaking information useful for mounting Bleichenbacher-like attacks through...
PT-2023-5210 · Apache +5 · Apache Tomcat Connectors +5
Name of the Vulnerable Software and Affected Versions: Apache Tomcat Connectors versions 1.2.0 through 1.2.48. Description: The mod_jk component of Apache Tomcat Connectors is affected by an issue where, in certain circumstances, such as when a configuration includes "JkOptions +ForwardDirectories...
CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows a local attacker to access specific file...
CVE-2023-30730
The CVE-2023-30730 issue is an implicit intent hijacking vulnerability in the Samsung Camera app across Android 11–13: Camera prior to 11.0.16.43 (Android 11), 12.0.07.53–12.1.03.10 (Android 12), and 13.0.01.43–13.1.00.83 (Android 13) can allow a local attacker to access specific files. Root caus...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices, which originates from an implicit intent hijacking vulnerability in Camera...
PT-2023-22933 · Google · Android 11 +3
Name of the Vulnerable Software and Affected Versions: Camera versions prior to 11.0.16.43 in Android 11; Camera versions 12.0.07.53 through 12.1.03.10 in Android 12; Camera versions 13.0.01.43 through 13.1.00.83 in Android 13. Description: The issue allows a local attacker to access specific files...
Feathers socket handler allows abusing implicit toString
Impact: Feathers socket handler did not catch invalid string conversion errors like: const message = `${{ toString: '' }}` causing the NodeJS process to crash when sending an unexpected Socket.io message like socket.emit('find', { toString: '' }). Patches: A fix has been released in - v5.0.8 via 3241 -...
CVE-2023-37899 feathersjs socket handler allows abusing implicit toString
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io...
PT-2023-23722 · Umbraco · Umbracoidentityextensions
Name of the Vulnerable Software and Affected Versions: UmbracoIdentityExtensions (affected versions not specified). Description: The issue concerns the UmbracoIdentityExtensions package, which is an Umbraco add-on for ASP.NET Identity integration. In affected versions, client secrets are no...
CVE-2023-30571
A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on POSIX-based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can...
DEBIAN-CVE-2023-30571
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...
CVE-2023-30571
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race...
PT-2023-36151 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...
CVE-2023-21452
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows an attacker to get the MAC address of a connected device...
PT-2023-18220 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth versions prior to SMR Mar-2023 Release 1 Description: The issue is related to the improper usage of implicit intent in Bluetooth, allowing an attacker to obtain the MAC address of a connected device. Recommendations: For Bluetooth...