Lucene search

1895 matches found

CVE
added 2023/12/12 6:10 p.m. · 78 views

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users (CVE-2023-35625) is an information disclosure vulnerability with a CVSS v3.1 base score of 4.7 (Local attack, High confidentiality impact; others not impacted). Affected component is the Azure Machine Learning Compute Instance for SDK Users. R...

CVSS 4.7 · AI score 4.9 · EPSS 0.00656
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2023/12/12 8:15 a.m. · 1 view

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 · AI score 5.8 · EPSS 0.00009
Exploits 0 · References 2
OSV
added 2023/12/12 8:15 a.m. · 2 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
NVD
added 2023/12/12 8:15 a.m. · 10 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 · EPSS 0.00009
Exploits 0 · References 1
Positive Technologies
added 2023/12/12 12:00 a.m. · 3 views

PT-2023-30866 · Rsa · Archer Platform

Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6.x through 6.14 P1 HF2 6.14.0.1.2
Description: The issue allows an authenticated malicious user in a multi-instance installation to potentially exploit it by manipulating application resource references in user...

CVSS 8.8 · AI score 7.5 · EPSS 0.00009
Exploits 0 · References 5
Vulnrichment
added 2023/12/12 12:00 a.m. · 10 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 7.5 · AI score 7.1 · EPSS 0.00009
Exploits 0 · References 1
Cvelist
added 2023/12/12 12:00 a.m. · 13 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 7.5 · AI score 9 · EPSS 0.00009
Exploits 0 · References 1
Positive Technologies
added 2023/12/04 12:00 a.m. · 2 views

PT-2023-28431 · Samsung · Libfacepreprocessingjni.Camera.Samsung.So

Name of the Vulnerable Software and Affected Versions: libFacePreProcessingjni.camera.samsung.so versions prior to SMR Dec-2023 Release 1
Description: The issue is related to an integer overflow vulnerability in the detectionFindFaceSupportMultiInstance function of the...

CVSS 7.8 · AI score 7.5 · EPSS 0.00164
Exploits 0 · References 4
Prion
added 2023/11/30 5:15 a.m. · 13 views

Design/Logic Flaw

Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...

CVSS 4 · AI score 7.2 · EPSS 0.00336
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/11/29 5:39 p.m. · 1 view

USN-6519-2 ec2-hibinit-agent update

USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...

AI score 5.7
Exploits 0 · References 2
OSV
added 2023/11/28 6:11 p.m. · 1 view

USN-6519-1 ec2-hibinit-agent update

The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...

AI score 5.7
Exploits 0 · References 2
Tenable Nessus
added 2023/11/23 12:00 a.m. · 50 views

Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerabilities (USN-6513-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6513-1 advisory. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a...

CVSS 6.5 · AI score 7.2 · EPSS 0.00581
Exploits 1 · References 3
OSV
added 2023/11/21 12:59 p.m. · 1 view

USN-6493-1 hibagent update

On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured...

AI score 5.7
Exploits 0 · References 2
SUSE CVE
added 2023/11/14 1:51 a.m. · 1 view

SUSE CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

CVSS 5.3 · AI score 6.6 · EPSS 0.00099
Exploits 0 · References 3
Veeam
added 2023/11/14 12:00 a.m. · 13 views

Backup error: "The instance configuration for this AWS Marketplace product is not supported."

Challenge: The backup of an EC2 instance fails with the following error: Processing "instance-name" failed: The instance configuration for this AWS Marketplace product is not supported. Please see the AWS Marketplace site for more information about supported instance types, regions, and operating...

AI score 6.5
Exploits 0 · Affected Software 1
OSV
added 2023/11/12 3:30 p.m. · 1 view

GHSA-R7X6-XFCM-3MXV Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are...

CVSS 7.1 · AI score 6.6 · EPSS 0.00054
Exploits 0 · References 7
Veracode
added 2023/11/12 3:39 a.m. · 24 views

Denial Of Service (DoS)

squid gitlab is vulnerable to Denial of Service (DoS). An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Squid instance. The request would cause Squid to consume excessive resources and crash, which would prevent legitimate users from being abl...

CVSS 7.5 · AI score 6.9 · EPSS 0.01879
Exploits 0 · References 13 · Affected Software 1
Prion
added 2023/11/10 10:15 p.m. · 9 views

Design/Logic Flaw

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

CVSS 2.6 · AI score 6.8 · EPSS 0.00099
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2023/11/07 9:03 a.m. · 1 view

kernel: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()

A memory leak vulnerability was found in the VMware graphics driver vmwgfx in the Linux kernel. In vmw_mksstat_add_ioctl(), when copying the description string from userspace fails with -EFAULT, the allocated page for the instance descriptor is not freed. This leads to memory leakage that can cause...

AI score 7.2 · EPSS 0.00028
Exploits 0 · References 5
Tenable Nessus
added 2023/11/07 12:00 a.m. · 33 views

Fedora 39 : bind / bind-dyndb-ldap (2023-c0ff5a2f68)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0ff5a2f68 advisory. Update to BIND 9.18.16 Selected parts from upstream release notes. Visit that for details of bug fixes. Security Fixes - The overmem cleaning proces...

CVSS 7.5 · AI score 7.5 · EPSS 0.01176
Exploits 0 · References 3