2876 matches found
CLSA-2023-1697463318 Fix CVE(s): CVE-2023-38546
SECURITY UPDATE: cookie injection with none file - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields in lib/cookie.c - CVE-2023-38546...
CVE-2023-40791
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page...
CVE-2023-40791
The CVE-2023-40791 issue is in the Linux kernel’s extract_user_to_sg (lib/scatterlist.c), where pages may not be properly unpinned in a specific scenario, evidenced by a WARNING for try_grab_page. The connected Nessus entry corroborates affected code and versions: Linux kernel before 6.4.12. This...
CVE-2023-45863
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write...
CVE-2023-45863
The CVE-2023-45863 issue affects the Linux kernel prior to 6.2.3 and is triggered by a race condition in lib/kobject.c that causes a fill_kobj_path out-of-bounds write when run with root privileges. Public sources in connected documents (Astra Linux bulletin and IBM advisories) describe the same ...
Unbreakable Enterprise kernel security update
4.14.35-2047.530.5.1 - Revert 'rtnetlink: Reject negative ifindexes in RTM_NEWLINK' Saeed Mirzamohammadi Orabug: 35896831 4.14.35-2047.530.5 - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Kyle Zeng Orabug: 35824288 CVE-2023-42753 - netfilter: xt_u32: validate...
Malicious code in @inconspicuously/test-lib-1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62b2d5f6ee672c84801908e2f796dedd54759a965d3f33e691640219c1d48c80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-36009 · Libvp9 · Libvp9
Name of the Vulnerable Software and Affected Versions: libvp9 affected versions not specified Description: The issue is related to a heap-buffer-overflow read in the libvp9 library. The crash occurs in the Video::VP9::Decoder module, specifically in the create video frame, decode frame, and recei...
Command injection
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlyin...
Cacti Operating System Command Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from an operating system command injection vulnerability that...
Malicious code in vesper-synth-user-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b63b940eccf15e831893fd295775cbbbee43515d20e431b70389d8775292f57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7989 Malicious code in vesper-synth-user-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b63b940eccf15e831893fd295775cbbbee43515d20e431b70389d8775292f57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metronome-synth-info-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7988 Malicious code in metronome-synth-info-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in master-oracle-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b5d683c33e479ccc6ca6bb739fae7fc1a6d64781f08d95866becdfdd08e26fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7987 Malicious code in master-oracle-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b5d683c33e479ccc6ca6bb739fae7fc1a6d64781f08d95866becdfdd08e26fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-H24C-6P6P-M3VX tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...
CVE-2023-4695 Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-4695
The CVE-2023-4695 vulnerability affects pkp-lib prior to 3.3.0-16. It stems from using a predictable RNG algorithm (mt_rand) for password generation and seeding with time, leading to predictable outcomes and potentially total compromise of generated values. Affected component is the random number...