507 matches found

Debian CVE
added 2024/03/01 9:15 p.m. | 19 views

CVE-2021-47069

In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry. do_mq_timedreceive calls wq_sleep with a stack local address. The sender do_mq_timedsend uses this address to later call pipelined_send. This leads to a very hard...

CVSS 7 | AI score 6.7 | EPSS 0.00018
Exploits: 0

IBM Security Bulletins
added 2024/02/27 4:15 p.m. | 51 views

Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...

CVSS 9.8 | AI score 9.5 | EPSS 0.84819
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/05 8:24 p.m. | 35 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to PyArrow arbitrary code execution vulnerability (CVE-2023-47248)

Summary Potential PyArrow arbitrary code execution vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow...

CVSS 9.8 | AI score 9.7 | EPSS 0.84819
Exploits: 0 | Affected Software: 1

NVD
added 2024/01/09 10:15 a.m. | 11 views

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

CVSS 10 | AI score 9.4 | EPSS 0.00449
Exploits: 0 | References: 1

Tenable Nessus
added 2023/11/28 12:0 a.m. | 24 views

Fedora 37 : python-geopandas (2023-8857bdcd95)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8857bdcd95 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVSS 9.8 | AI score 7.3 | EPSS 0.84819
Exploits: 0 | References: 2

Tenable Nessus
added 2023/11/28 12:0 a.m. | 18 views

Fedora 38 : python-geopandas (2023-c907492c3e)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c907492c3e advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVSS 9.8 | AI score 7.3 | EPSS 0.84819
Exploits: 0 | References: 2

Github Security Blog
added 2023/11/17 9:47 p.m. | 31 views

Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file

Impact: Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability on...

CVSS 9.8 | AI score 9.6 | EPSS 0.84819
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/11/09 9:15 a.m. | 14 views

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

CVSS 9.8 | EPSS 0.84819
Exploits: 0 | References: 6

OSV
added 2023/11/09 9:15 a.m. | 26 views

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

CVSS 9.8 | AI score 9.5
Exploits: 0 | References: 6

Prion
added 2023/11/09 9:15 a.m. | 20 views

Deserialization of untrusted data

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

CVSS 7.5 | AI score 7.7 | EPSS 0.84819
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2023/11/09 8:17 a.m. | 20 views

CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only...

AI score 9.8 | EPSS 0.84819
Exploits: 0 | References: 6

CVE
added 2023/11/09 8:17 a.m. | 154 views

CVE-2023-47248

CVE-2023-47248 affects PyArrow IPC/Parquet readers (versions 0.14.0–14.0.0); unsafe deserialization allows arbitrary code execution when processing untrusted Arrow IPC/Feather/Parquet data. The NVD entry and multiple vendor advisories (IBM, CIRCL, Nuclei template) confirm remote code execution vi...

CVSS 9.8 | AI score 9.6 | EPSS 0.84819
In wild | Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2023/11/07 4:20 a.m. | 8 views

CVE-2023-41036

Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication IPC mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 1 | References: 4

OSV
added 2023/10/30 1:3 p.m. | 12 views

OSV-2023-1088 Heap-buffer-overflow in arrow::Status arrow::Result<std::__1::unique_ptr<arrow::Buffer, std::__1::defaul

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63679 Crash type: Heap-buffer-overflow WRITE 8 Crash state: arrow::Status arrow::Result<std::__1::unique_ptr<arrow::Buffer, std::__1::defaul arrow::ipc::ArrayLoader::GetBuffer arrow::ipc::ArrayLoader::Visit...

AI score 7.2
Exploits: 0 | References: 1

GithubExploit
added 2023/10/22 2:2 p.m. | 681 views

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit...

CVSS 10 | AI score 9.1 | EPSS 0.94269
Exploits: 10

OSV
added 2023/10/06 10:57 p.m. | 27 views

RLSA-2023:4954 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

CVSS 8.8 | AI score 8.8 | EPSS 0.00292
Exploits: 0 | References: 13

Tenable Nessus
added 2023/10/06 12:0 a.m. | 24 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-014)

The version of firefox installed on the remote host is prior to 102.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-014 advisory. Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback...

CVSS 8.8 | AI score 7.5 | EPSS 0.00292
Exploits: 0 | References: 12

Tenable Nessus
added 2023/09/18 12:0 a.m. | 27 views

Oracle Linux 9 : thunderbird (ELSA-2023-4955)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4955 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 8.8 | AI score 7.4 | EPSS 0.00292
Exploits: 0 | References: 13

Tenable Nessus
added 2023/09/14 12:0 a.m. | 29 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6368-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6368-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...

CVSS 8.8 | AI score 8 | EPSS 0.93301
Exploits: 9 | References: 7

CVE
added 2023/09/12 7:48 p.m. | 61 views

CVE-2023-41036

Summary (CVE-2023-41036) : MacVim for macOS is affected by an insecure interprocess communication (IPC) mechanism used before version 178. The issue arises from Apple Distributed Objects allowing one program to vend an interface to any other program on the machine, enabling a potential privilege ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits: 1 | References: 4 | Affected Software: 1