6124 matches found
Hackers Stole Access Tokens from Okta’s Support Unit
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of...
WordPress VK All in One Expansion Unit Plugin < 9.87.1.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vektor-inc:vkallinoneexpansionunit"; ifdescription...
DEBIAN-CVE-2023-45871
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 6.5.3, which stems from a buffer size that may be insufficient for frames larger than the MTU...
UBUNTU-CVE-2023-42298
An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c...
PT-2024-12473 · Amd +2 · Amd Cpus +2
Name of the Vulnerable Software and Affected Versions: AMD CPUs (affected versions not specified). Description: The issue affects AMD CPUs with extensions to normal x86 debugging functions, introduced in CPUs since around 2014. Recommendations: At the moment, there is no information about a newer...
D-Link DPH-400SE Security Vulnerability
The D-Link DPH-400SE is an IP phone from China AUO D-Link. A security vulnerability exists in the D-Link DPH-400SE FRU version 2.2.15.8, which allows remote attackers to escalate privileges via the user modification feature in the Maintenance/Access feature...
Siemens CP-8031 Path Traversal Vulnerability
The SICAM A8000 RTU (Remote Terminal Unit) series is a modular family of devices for remote control and automation applications in all areas of energy supply. A path traversal vulnerability exists in the Siemens SICAM A8000 device CPCI85 firmware web server, which can be exploited by an attacker to...
PT-2023-6138 · Microsoft · Windows Directx +2
Name of the Vulnerable Software and Affected Versions: Windows Graphics Component (affected versions not specified); Windows DirectX (affected versions not specified). Description: The issue is related to a synchronization error, specifically a race condition, when using a shared resource in the Window...
Siemens SICAM A8000 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Vulnerabilities in SICK Application Processing Unit
Vulnerabilities in SICK Application Processing Unit...
Security Patch for Two New Flaws in Curl Library Arriving on October 11
The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of a forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
PoC of CVE-2023-4911 "Looney Tunables" This is a PoC of CVE-2...
CVE-2023-33200
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...
CVE-2023-32828
In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure. Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com. Affected version: 10W, 100W, 250W, Compact DAB Transmitter; 500W, 1kW, 2kW Medium DAB Transmitter; 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter; 100W...
PT-2023-9158 · Qualcomm · Qualcomm Embedded Platform Graphics Driver
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform graphics driver (affected versions not specified). Description: The issue is related to a memory corruption problem in the graphics driver when a context is destroyed with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued...
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation
Summary: Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
PT-2025-32119 · Unknown · Lte Network
Name of the Vulnerable Software and Affected Versions: LTE network (affected versions not specified). Description: A transient Denial-of-Service (DoS) condition can occur while processing a random-access response (RAR) containing an invalid Protocol Data Unit (PDU) length on an LTE network. A PDU is a uni...
SUSE-SU-2023:3868-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apache_exporter: Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501); CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270); CVE-2022-46146: Fix authentication bypass vulnerability...