FreeBSD -- copy_file_range insufficient capability rights check
Problem Description: The syscall checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the syscall must additionally require the CAP_SEEK capability. Impact: A sandboxed process with on...
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF vide...
Cosmos-SDK Cosmovisor component may be vulnerable to denial of service
Component: Cosmovisor. Criticality: Medium. Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46. Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor. Impact: DoS, potential RCE on node depending on configuration. An issue has been identified on...
CVE-2023-38840
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62038)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
ASB-A-213170822
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Denial Of Service (DoS)
@feathersjs/transport-commons is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to invalid string conversions such as ${{ toString: '' }}, which cause the Feathers socket handler to crash the NodeJS process because it is unable to handle invalid string conversions...
CVE-2023-37899 feathersjs socket handler allows abusing implicit toString
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = ${{ toString: '' }} which would cause the NodeJS process to crash when sending an unexpected Socket.io...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
Why Open Enrollment Readiness Should Be a Year-Round Strategy
Today’s malicious actors see the healthcare industry as a target-rich environment, so getting ready for open enrollment should be a year-round process...
GHSA-JRM6-H9CQ-8GQW PyPDF2 quadratic runtime with malformed PDF missing xref marker
Impact: An attacker who exploits this vulnerability can craft a PDF that leads to an unexpectedly long runtime. This quadratic runtime blocks the current process and can use 100% of a single CPU core. It does not affect memory usage. Patches: https://github.com/py-pdf/pypdf/pull/808 Workarounds: ...
Exploit for Improper Ownership Management in Debian Debian_Linux
CVE-2023-0386 Exp Us...
Exploit for Improper Input Validation in Microsoft
CVE-2023-21554-PoC CVE-2023-21554 is a Windows MessageQueuin...
CVE-2023-29996
In NanoMQ v0.15.0-0, a segmentation fault caused by a NULL pointer dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode...
CVE-2023-26551
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...
CVE-2023-27496 Envoy may crash when a redirect url without a state param is received in the oauth filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with t...
Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23569)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code in the context of the current process...
CVE-2022-48355
CVE-2022-48355 describes a heap out-of-bounds read vulnerability in the Bluetooth module that can cause the Bluetooth process to crash. The affected context appears to be HarmonyOS (Bluetooth component); the provided sources do not specify affected versions or a confirmed remediation. No exploit ...
CVE-2022-48355
The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash...