7471 matches found
USN-6534-2: Linux kernel vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...
CVE-2023-41119
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...
EnterpriseDB Postgres Advanced Server Security Vulnerability
EnterpriseDB Postgres Advanced Server EPAS is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that stems from the inclusion of the function dbmsaqmovetoexceptionqueue, which can...
PT-2023-27802 · Enterprisedb · Enterprisedb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server EPAS versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server EPAS versions 12.x prior to 12.16.20 EnterpriseDB Postgres Advanced Server EPAS versions 13.x prior to 13.12.16 EnterpriseDB Postgres...
PT-2023-32560 · Quiche · Quiche
Name of the Vulnerable Software and Affected Versions: quiche versions 0.15.0 through 0.19.0 Description: The issue is related to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation requires that the recipient of a PATH CHALLENGE...
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response EDR systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a denial of service vulnerability that originates from an out-of-bounds memory access found in the iouring SQ/CQ function, which can be exploited by a...
USN-6536-1: Linux kernel vulnerabilities
Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2023-39189 Kyle Zeng...
SUSE-SU-2023:4609-1 Security update for python-azure-storage-queue
This update for python-azure-storage-queue fixes the following issues: - CVE-2022-30187: Fixed information disclosure vulnerability bsc1202088...
SUSE SLES15 Security Update : python-azure-storage-queue (SUSE-SU-2023:4609-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4609-1 advisory. - Azure Storage Library Information Disclosure Vulnerability CVE-2022-30187 Note that Nessus has not tested for this issue but has instead...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
The Mozilla Foundation Security Advisory describes this flaw as: Ownership mismanagement led to a use-after-free in ReadableByteStreams...
USN-6497-1: Linux kernel (OEM) vulnerabilities
Maxim Levitsky discovered that the KVM nested virtualization SVM implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service host kernel crash. CVE-2023-5090 Alon Zahavi discovered that the...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libcurl vulnerabilities (CVE-2023-38546, CVE-2023-38545)
Summary Issues were identified in libcurl, which is packaged with the IBM MQ Queue Manager Container image. These issues are now fixed, and the fixes are shipped with the latest IBM MQ Operator and IBM-supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2023-38546 DESCRIPTION:...
cups security and bug fix update
1:2.2.6-54 - RHEL-2612 - cups pulls an unneeded dependency on python3 1:2.2.6-53 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation 1:2.2.6-52 - 2217178 - Delays printing to lpd when reserved ports are exhausted - 2217283 - The command 'cancel -x ' does not remove job fil...
CVE-2023-41442
An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component...