GitLab < 15.9.6 (CVE-2023-0756)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a...

MilleGPG5 5.9.2 Local Privilege Escalation

Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Date: 2023-04-28 Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...

CVE-2023-30612

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group TAG, which is monitoring the...

Important: kernel

Issue Overview: A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. CVE-2022-4379 In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of...

Desdev DedeCMS 代码注入漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. DedeCMS 5.7.87 before the version of th...

The vulnerability of the soapcgi.main() function in the D-LINK GO-RT-AC750 router software allows a hacker to execute arbitrary commands.

The vulnerability of the soapcgimain function in the D-LINK GO-RT-AC750 router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Node.js: Permissions policies can be bypassed via process.mainModule

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

LinkedIn: HTTP Request Smuggling (CL.0) leads to mass redirect users to attacker server without user interaction

Vulnerability description not provided...

NewStart CGSL CORE 5.05 / MAIN 5.05 : control-center Vulnerability (NS-SA-2023-0018)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has control-center packages installed that are affected by a vulnerability: - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical...

NewStart CGSL CORE 5.05 / MAIN 5.05 : nautilus Multiple Vulnerabilities (NS-SA-2023-0015)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nautilus packages installed that are affected by multiple vulnerabilities: - An error within the parserollei function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite...

NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtxmlpatterns Multiple Vulnerabilities (NS-SA-2023-0020)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtxmlpatterns packages installed that are affected by multiple vulnerabilities: - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document...

NewStart CGSL CORE 5.05 / MAIN 5.05 : shared-mime-info Vulnerability (NS-SA-2023-0007)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has shared-mime-info packages installed that are affected by a vulnerability: - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physica...

NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2023-0029)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by multiple vulnerabilities: - In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Previ...

NewStart CGSL CORE 5.05 / MAIN 5.05 : mutter Multiple Vulnerabilities (NS-SA-2023-0007)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mutter packages installed that are affected by multiple vulnerabilities: - An error within the parserollei function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loo...

NewStart CGSL CORE 5.05 / MAIN 5.05 : zlib Vulnerability (NS-SA-2023-0021)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has zlib packages installed that are affected by a vulnerability: - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 Note that Nessus has no...

NewStart CGSL CORE 5.05 / MAIN 5.05 : accountsservice Multiple Vulnerabilities (NS-SA-2023-0024)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has accountsservice packages installed that are affected by multiple vulnerabilities: - An error within the parserollei function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an...

NewStart CGSL CORE 5.05 / MAIN 5.05 : gnome-online-accounts Vulnerability (NS-SA-2023-0017)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gnome-online-accounts packages installed that are affected by a vulnerability: - It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with...

NewStart CGSL CORE 5.05 / MAIN 5.05 : mesa-libGLw Multiple Vulnerabilities (NS-SA-2023-0024)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mesa-libGLw packages installed that are affected by multiple vulnerabilities: - An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2023-0009)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, t...