3241 matches found
CVE-2023-28796 IPC Bypass Through PLT Section in ELF
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6...
The vulnerability of the Kafka platform’s message and section management package for security organization, automation, and Cortex XSOAR responses lies in the unencrypted storage of key certificates, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Kafka platform’s message and section management package for security organization, automation, and Cortex XSOAR response is related to the unencrypted storage of key certificates. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (director-operator) security update
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1. Red Hat Product Security has rated this update as having a security impact of Importan...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...
Important: Red Hat Security Advisory: bind9.16 security update
An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Improper Access Control
libfile.so is vulnerable to Improper Access Control. The vulnerability exists in the do_bid_note function in readelf.c due to improper restrictions, which allow an attacker to perform unauthorized actions using a specially crafted .notes section...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
KLA61358 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...
CLSA-2023-1696877581 binutils: Fix of 9 CVEs
- CVE-2017-16831: Fix excessive memory allocation attempts and possible integer overflows when attempting to read a COFF binary with a corrupt symbol count - CVE-2020-19726: Fix parsing a corrupt PE format file - CVE-2021-45078: Fix out-of-bounds write in stab_xcoff_builtin_type - CVE-2021-46174: Fix...
Stored XSS in function Add discussion at the Copyediting section
Description I tested the demo site you provided and I see that there is a stored XSS in function Add discussion Proof of Concept payload: thanh"alert1 Steps 1. Login as any user 2. In the Unassigned section and click view 3. In the Workflow click Copyediting section and Add discussion 4. Insert...
Important: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
CVE-2023-0828
Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms...
Cross site scripting
Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms...
CVE-2023-0828 Stored Cross Site Scripting in syslog section
Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms...
CVE-2023-0828
CVE-2023-0828 is a Cross-site Scripting (XSS) vulnerability in the Syslog section of Pandora FMS that can cause a user’s cookie value to be transferred to an attacker’s server. Affected: Pandora FMS version 7.67 (7.67) and earlier on all platforms. Root cause: XSS in the Syslog UI. Impact: creden...
PT-2023-16553 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.67 and prior versions Description: A Cross-site Scripting (XSS) issue in the Syslog Section of Pandora FMS allows an attacker to transfer a user's cookie value to the attacker's server. Recommendations: For Pandora FMS...
CLSA-2023-1695752345 Fix CVE(s): CVE-2022-45703
SECURITY UPDATE: a heap buffer overflow triggered in display_debug_section at binutils/readelf.c - debian/patches/CVE-2022-45703.patch: combine sanity checks, calculate element counts, not word counts, fix typo - CVE-2022-45703...