3241 matches found
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 throug...
PT-2023-28108 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS. This enables the execution of Javascript code in the news section of the...
PT-2023-9162 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is caused by improper validation of the form input field Name on the Graph page in the Items section. This can lead to a cross-site scripting XSS attack, allowing a remote attacker...
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses'
A new report by an oversight committee in the US House of Representatives says the FBI has routinely violated rules governing FISA’s Section 702 surveillance program and must be reined in...
Important: Red Hat Security Advisory: open-vm-tools security update
An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
KLA61977 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft...
The vulnerability of the read_section function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.
The vulnerability of the read_section function in the dwarf2.c component of the GNU Binutils development environment relates to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created ELF file...
The vulnerability of the bfd_section_from_shdr function in the bfd/elf.c component of the GNU Binutils development environment allows an attacker to trigger a service failure.
The vulnerability of the bfd_section_from_shdr function in the bfd/elf.c component of the GNU Binutils development environment is related to insufficient input validation. Exploiting this vulnerability allows an attacker to cause service failures remotely...
KLA61975 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...
PT-2023-35572 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash, specifically a SEGV on an unknown address. The crash involves the functions flb_sds_cat_safe, flb_cf_key_translate, and...
Critical: Red Hat Security Advisory: jboss-amq-6-amq63-openshift-container security update
An update for jboss-amq-6-amq63-openshift-container is now available for RHEL-7 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: mariadb:10.5 security update
An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: insights-client security update
An update for insights-client is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
kernel: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet ...
Google Play Store Highlights 'Independent Security Review' Badge for VPN Apps
Google is rolling out a new banner to highlight the "Independent security review" badge in the Play Store's Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment MASA audit. "We've launched this banner beginning with VPN apps due to the sensitive an...
CVE-2023-3164
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...
UBUNTU-CVE-2023-3164
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Information disclosure
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...