1495 matches found
PVS Target Device hangs/freezes when placed under isolation by Windows Defender
The PVS Target VM goes into a hung state...
GO-2023-1989 Excessive resource consumption in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...
CVE-2023-4055
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...
CVE-2023-31432 - Privilege issues in multiple commands
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0...
Shortcuts to apps not seen in the start menu of the published desktop
Shortcuts are not visible in the published desktop or Windows start menu even after the correct policies have been applied. Enable Desktop shortcut...
CVE-2023-37788
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of Service (DoS) via unspecified vectors...
Citrix Secure Access for Windows fails to allow traffic through VPN after an upgrade to 23.x.x.x
After a successful connection to the Citrix Secure Access (CSA) client in full tunnel, none of the traffic passes through the VPN. Access to the applications using an IP address or DNS over the tunnel is blocked. The issue is limited to domain-joined machines where the Intranet IP address is...
CVE-2023-2200 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
BELL-CVE-2023-3618
Bulletin has no description...
Reauthorize Error "Your FAS rules are not using the latest authorization certificate".
FAS console shows the message "Reauthorize Error "Your FAS rules are not using the latest authorization certificate" when you attempt to Reauthorize...
CVE-2023-29824
A use-after-free issue was discovered in PyFindObjects function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue...
PT-2023-22854 · Smr · Smr
Name of the Vulnerable Software and Affected Versions: Transaction versions prior to SMR Jul-2023 Release 1 Description: The issue is related to improper input validation, allowing local attackers to launch privileged activities. Recommendations: For versions prior to SMR Jul-2023 Release 1, upda...
PT-2023-22630 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine (affected versions not specified). Description: A Cross Site Scripting (XSS) issue exists in the textMessage field in /src/chatbotapp/chatWindow.java, allowing attackers to execute arbitrary code. This is due to a vulnerability ...
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...
OSV-2023-490 UNKNOWN READ in pcpp::SSHIdentificationMessage::tryParse
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59833 Crash type: UNKNOWN READ Crash state: pcpp::SSHIdentificationMessage::tryParse pcpp::SSHLayer::createSSHMessage pcpp::SSHLayer::parseNextLayer...
GHSA-42R6-P4PX-QVV6 tgstation-server cached user logins in legacy server
Please note this advisory is for a historical preexisting issue in the legacy server from 2018. It has long since been triaged. It is being moved here for visibility. The text below is copied from the original issue 690. You can log in to the server with any username/password combination if someone...
CVE-2023-25746
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 102.8 and Firefox ESR 102.8...
MAL-2023-633 Malicious code in node-red-contrib-tfjs-object-detection (npm)
Source: ghsa-malware (5ae6d965935a10741f1389a09905356a09e9d7358dc5e8d1e3b56fac4602c78d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Gateway Logon Page showing Blank (Logon page white screen)
The logon page of a newly added gateway virtual server shows blank, while all the previously configured gateway virtual servers work fine...
CVE-2023-29579
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...