PT-2023-33070 · Npm +1
Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to 0.8.7 Description: The issue allows an untrusted user with admin rights to a tenant instance to install a plugin that can access information from other tenants, potentially compromising all tenants of the...
How to export a VPX instance on an SDX to an XVA file
This article will describe how to export an XVA file of a VPX from an SDX. This file contains the entire contents of the VPX including an image of the VPX's file systems...
Amazon Linux AMI : bind (ALAS-2023-1789)
The version of bind installed on the remote host is prior to 9.8.2-0.68.rc1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1789 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished...
Oracle Linux 9 : bind (ELSA-2023-4099)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4099 advisory. 32:9.16.23-11.1 - Improve RBT overmem cache cleaning CVE-2023-2828 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 8 : bind9.16 (ELSA-2023-4100)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4100 advisory. 32:9.16.23-14.1 - Improve RBT overmem cache cleaning CVE-2023-2828 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 8 : bind (ELSA-2023-4102)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4102 advisory. 32:9.11.36-8.1 - Improve RBT overmem cache cleaning CVE-2023-2828 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the...
ch.admin.bit.jeap:jeap-archrepo-docgen (>=2.10.0 <=4.31.0), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=4.31.0) +498 more potentially affected by CVE-2023-35887 via org.apache.sshd:sshd-sftp (>=2.0.0 <=2.9.2)
org.apache.sshd:sshd-sftp MAVEN version =2.0.0, =2.10.0, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =1.1.0, =1.1.1 - com.ailbb:alt =1.5 - com.amashchenko.maven.plugin:gitflow-maven-plugin =1.21.0 and more Source cves: CVE-2023-35887 Source...
SUSE SLES15 / openSUSE 15 Security Update : bind (SUSE-SU-2023:2794-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2794-1 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queri...
CVE-2023-21638
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
Memory corruption
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
CVE-2023-21638
CVE-2023-21638 describes memory corruption in the video subsystem when APIs are invoked with an instance ID different from the one received during initialization. Several sources (NVD, Red Hat, PRION, CNNVD, Android Pixel bulletin) reference this issue as affecting Qualcomm components and list it...
CVE-2023-21638 Incorrect Type Conversion or Cast in Video
Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...
Qualcomm Chipsets Code Issue Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue that occurs when APIs are called with an instance ID different from the one received in initialization...
PT-2023-18301 · Qualcomm · Snapdragon +40
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves memory corruption in video when calling APIs with a different instance ID than the one received during initialization. Recommendations: At the moment, there is no...
K000135252: BIND vulnerability CVE-2023-2829
Security Advisory Description: A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9...
Hardcoded credentials
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
Design/Logic Flaw
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...
Design/Logic Flaw
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...