CVE-2023-29017 vm2 Sandbox Escape vulnerability

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

编号撤回

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. This CVE number has been withdrawn...

PT-2023-3109 · Go +11 · Go +11

Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to incorrect code generation when handling directory names with newline characters in the Go programming language's Cgo module. This may result in unexpected behavior when...

Node.js: Permissions policies can be bypassed via process.mainModule

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode 373 bytes

; Title: Name: Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode 373 bytes ; Author: Xavi Beltran ; Contact: email protected ; Website: https://xavibel.com/2023/01/18/shellcode-windows-x86-create-administrator-user-dynamic-peb-edt/ ; Date: 18/01/2022 ; Tested...

Fedora: Security Advisory for netconsd (FEDORA-2023-80b2470d3c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: netconsd-0.2-1.fc36

This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...

Fedora: Security Advisory for netconsd (FEDORA-2023-f25098f499)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-1258

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware web service modules allows Footprinting.This issue affects Flow-X: before 4.0...

Node.js: Permissions policies can be bypassed via process.mainModule

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

SUSE-SU-2023:1701-1 Security update for grub2

This security update of grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grubfontconstructglyph bsc1205178. - CVE-2022-3775: Fixed integer underflow in blitcomb bsc1205182. - Bump upstream SBAT generation to 3 - rebuild the package with the new secure boot key bsc120918...

PT-2023-3590 · Apple +7 · Macos Ventura +13

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.4 macOS Ventura versions prior to 13.3 iOS versions prior to 16.4 iPadOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 15.7.4 tvOS versions prior to 16.4 watchOS versions prior to 9.4...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +80 more potentially affected by CVE-2023-25676 via tensorflow-gpu (>=1.10.1 <=2.0.4)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.2, =0.6.7, =0.1.2, =0.1.0, =0.1.2 - dragonn =0.4.2 and more Source cves: CVE-2023-25676 Source advisory: OSV:GHSA-6WFH-89Q8-44JQ...

PT-2023-9783 · Abb · Flow-X

Name of the Vulnerable Software and Affected Versions: ABB Flow-X versions prior to 4.0 Description: The issue is related to exposure of sensitive information to an unauthorized actor, allowing footprinting. This is due to insufficient protection of service data in the web service modules of the...

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

Input validation

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

CVE-2023-1248

Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...

UBUNTU-CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

CVE-2023-1250 Code execution through ACL creation

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...