CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-38704
CVE-2023-38704 affects import-in-the-middle (ESM loader). Prior to version 1.4.2 it allows remote code execution when user-supplied input is passed to import(). This vulnerability has been patched in 1.4.2. Affected guidance includes not passing user input to import(), and, if ECMAScript Modules ...
New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers
Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...
CVE-2023-0425 Buffer overflow in global memory region
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...
PT-2023-6026 · Apple +6 · macOS Sonoma +10
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17 iPadOS versions prior to 17 watchOS versions prior to 10 macOS Sonoma versions prior to 14 Description: A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrar...
PT-2023-6795 · Apple +6 · Safari +7
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17 Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...
CVE-2023-4132
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
CVE-2022-28615: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use...
PT-2023-7025 · Node.js +6 · Node.js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the fixed version Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module...
Node.js Modules Installed (Linux)
Binary data nodejsmoduleslinuxinstalled.nbin...
CVE-2023-38057
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack when the replies are read as an authenticated agent. This issue affects...
CVE-2023-38057
CVE-2023-38057 affects OTRS Survey modules: 7.0.x prior to 7.0.32, 8.0.x prior to 8.0.13, and the ((OTRS)) Community Edition Survey module from 6.0.x through 6.0.22. The vulnerability is caused by improper input validation in the survey module, allowing an attacker who has a link to a valid, unan...
PT-2023-26267 · OTRS +1 · OTRS +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...
CVE-2023-37292
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 iSherlock-user modules and HGiga iSherlock 5.5 iSherlock-user modules allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock...
A vulnerability in the firmware of Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TRXT for controllers of the Allen-Bradley ControlLogix series allows an attacker to execute arbitrary code.
CVE-2022-28735
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered Secure Boot systems. Allowing such files to be loaded may result in unverified code and modules being loaded in GRUB2, breaking the Secure Boot trust chain...