Improper Access Control
openjdk8 is vulnerable to Improper Access Control. An attacker can gain unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data via CORBA...
Exploit for Code Injection in Horsicq Xmachoviewer
CVE-2023-49313 A dylib injection vulnerability in XMachOViewer...
PT-2023-35576 · Git +1 · Pcapplusplus
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash occurs in the pcpp::RawPacket::insertData function,...
mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field...
kernel: HID: check empty report_list in hid_validate_values()
A memory corruption flaw was found in the Linux kernel's Human Interface Device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system...
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c related to ext4_es_insert_extent.
...
Oracle Identity Manager (October 2023 CPU)
The version of Oracle Identity Manager installed on the remote host is missing a security patch and is, therefore, affected by multiple vulnerabilities as referenced in the October 2023 Critical Patch Update (CPU) advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion...
Oracle Java SE Security Update (oct2023) 02 - Windows
Oracle Java SE is prone to an unspecified vulnerability.
CVE-2023-22122
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access v...
CVE-2023-22117
CVE-2023-22117 affects Oracle FLEXCUBE Universal Banking (Infrastructure component). Vulnerable versions: 12.3, 12.4, 14.0–14.3, and 14.5–14.7. Root cause cited in connected sources: insufficient input validation in the Infrastructure component, enabling a low-privileged attacker with network acc...
SUSE CVE-2023-45898
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent...
DEBIAN-CVE-2023-45898
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent...
UBUNTU-CVE-2023-45898
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent...
Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager
Summary: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable. Vulnerability Details: CVEID: CVE-2022-21628. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request,...
CVE-2023-40299
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable...
PT-2023-27366 · Kong · Kong Insomnia
Name of the Vulnerable Software and Affected Versions: Kong Insomnia version 2023.4.0 Description: The issue allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. This can be exploited on macOS...
CVE-2023-41734
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions...
CVE-2023-41734 WordPress Insert Estimated Reading Time Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions...