CVE-2023-21852
CVE-2023-21852 affects Oracle E-Business Suite, specifically the Oracle Learning Management Setup component. Supported vulnerable versions are 12.2.3–12.2.12. The issue stems from insufficient input validation in the Setup area, enabling a remote unauthenticated attacker with network access via H...
UBUNTU-CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
GSD-2023-1001228 usb: gadget: uvc: Prevent buffer overflow in setup handler
usb: gadget: uvc: Prevent buffer overflow in setup handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.85 by commit...
GSD-2023-1000857 usb: gadget: uvc: Prevent buffer overflow in setup handler
usb: gadget: uvc: Prevent buffer overflow in setup handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.15 by commit...
GSD-2023-1000474 fs/ntfs3: Validate index root when initialize NTFS security
fs/ntfs3: Validate index root when initialize NTFS security This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...
GSD-2023-1000439 ext4: don't set up encryption key during jbd2 transaction
ext4: don't set up encryption key during jbd2 transaction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
GSD-2023-1000387 drm/amdkfd: Fix kernel warning during topology setup
drm/amdkfd: Fix kernel warning during topology setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit...
GSD-2023-1000199 usb: gadget: uvc: Prevent buffer overflow in setup handler
usb: gadget: uvc: Prevent buffer overflow in setup handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.161 by commit...
GSD-2023-1000111 usb: gadget: uvc: Prevent buffer overflow in setup handler
usb: gadget: uvc: Prevent buffer overflow in setup handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.85 by commit...
OOPSpam Anti-Spam < 1.1.36 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2023-33113 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: A memory leak issue was discovered in the gpiochip setup dev function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2023-1180 · Oracle · Oracle Learning Management +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Setup component of the Oracle Learning Management product. This can be exploited by a remote attacker to...
PT-2023-33275 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.161 Description: The issue is related to the initialization of mailbox messages for VF reset. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
CVE-2022-4199
The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Cross site scripting
The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-4330 WP Attachments < 5.0.6 - Admin+ Stored XSS
The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WP Better Emails <= 0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Malicious code in setup-maven (npm)
Source: ghsa-malware 634144f43edb36e91854ad024939d4efd04c6f966d6b138514b404ef25c16538 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-772 Malicious code in setup-maven (npm)
Source: ghsa-malware 634144f43edb36e91854ad024939d4efd04c6f966d6b138514b404ef25c16538 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2023:0058-1 Security update for systemd
This update for systemd fixes the following issues: Fixing the following issues: - units: restore RemainAfterExit=yes in systemd-vconsole-setup.service - vconsole-setup: don't concat strv if we don't need to i.e. not in debug log mode - vconsole-setup: add more log messages - units: restore Befor...