OESA-2023-1801 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirroroneesl of the file mok.c of the component mok...
Any value can be changed in the configuration table by an employee with access to the block reassurance module
Impact: An AJAX function in the module blockreassurance allows modifying any value in the configuration table. Patches: v5.1.4. Workarounds: no workaround available. References...
CVE-2023-41419 affecting package python-gevent for versions less than 1.3.6-9
CVE-2023-41419 affecting package python-gevent for versions less than 1.3.6-9. A patched version of the package is available...
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...
PT-2023-7246 · Asus · Asus Rt-Ac87U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC87U all versions Description: An improper access control issue exists, related to the implementation of the TFTP protocol, allowing an attacker to read or write files not intended for access. This can be achieved by connecting to th...
Cross site scripting
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed...
Medium: wireshark
Issue Overview: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file (CVE-2023-5371). Affected Packages: wireshark. Issue Correction: Run dnf update wireshark --releasever 2023.2.20231030 or dnf update...
CVE-2023-46228 affecting package zchunk for versions less than 1.1.16-3
CVE-2023-46228 affecting package zchunk for versions less than 1.1.16-3. A patched version of the package is available...
PT-2023-30278 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR1200GB version 9.1.0u.6619 B20230130 Description: A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access. Recommendations: F...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
Code injection
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
PT-2023-29917
Name of the Vulnerable Software and Affected Versions: crypto-js versions prior to 4.2.0 Description: The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...
PT-2023-8375 · Ibm · Ibm Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0 Description: The issue is related to the use of hard-coded credentials, such as a password or cryptographic key, in IBM Security Verify Governance. This could allow a remote attacker to disclose...
PT-2023-28802 · Unknown · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. This enables the attacker to perform...
PT-2023-25755 · Totolink · Totolink Cp300+
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ versions = V5.2cu.7594 B20200910 Description: A stack overflow issue was discovered in the UploadCustomModule function via the File parameter. Recommendations: For TOTOLINK CP300+ versions = V5.2cu.7594 B20200910, consider...
PT-2023-29673 · Apache · Apache Brpc
Name of the Vulnerable Software and Affected Versions: Apache bRPC versions 1.6.0. 2. Apply the patch available at https://github.com/apache/brpc/pull/2411 if upgrading is not feasible. 3. Disable the rpcz feature as a temporary workaround...
CVE-2023-25675 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25675 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1
CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5. A patched version of the package is available...
CVE-2023-4921 affecting package kernel for versions less than 5.15.133.1-1
CVE-2023-4921 affecting package kernel for versions less than 5.15.133.1-1. A patched version of the package is available...