Lucene search

2183 matches found

CNNVD
added 2023/10/25 12:0 a.m. | 3 views

traceroute security vulnerability

traceroute is a package for executing traceroute-related commands by James Weston, an individual developer in the United States. A security vulnerability exists in Traceroute versions 2.0.12 through 2.1.2, which stems from the inability of wrapper scripts to properly parse command lines...

CVSS 5.5 | AI score 7.1 | EPSS 0.00367
Exploits 2 | References 5

Debian CVE
added 2023/10/24 12:0 a.m. | 429 views

CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

CVSS 5.5 | AI score 6 | EPSS 0.00367
Exploits 2

Vulnrichment
added 2023/10/24 12:0 a.m. | 30 views

CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

AI score 6.8 | EPSS 0.00367
Exploits 2 | References 3

Cvelist
added 2023/10/24 12:0 a.m. | 15 views

CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

AI score 6.2 | EPSS 0.00367
Exploits 2 | References 3

CVE
added 2023/10/24 12:0 a.m. | 131 views

CVE-2023-46316

CVE-2023-46316 affects buc Traceroute 2.0.12 through 2.1.2; the wrapper scripts fail to parse command lines correctly, enabling local impact (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Public advisories/errata indicate the fix is to upgrade traceroute to version 2.1.3 or later (e.g., traceroute 2.1.3 ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00367
Exploits 2 | References 3 | Affected Software 1

AlpineLinux
added 2023/10/24 12:0 a.m. | 36 views

CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

CVSS 5.5 | AI score 6 | EPSS 0.00367
Exploits 2

vulnersOsv
added 2023/10/17 8:15 p.m. | 4 views

aaronblaser-sdk (>=1.0.0 <=1.0.1), actoolkit (>=2.6.4 <=2.6.10) +300 more potentially affected by CVE-2023-45803 via urllib3 (>=2.0.0 <=2.0.6)

urllib3 PYPI version =2.0.0, =1.0.0, =2.6.4, =0.0.1, =0.1.1, =0.5.0, =0.1.23, =0.4.3, =0.0.1b0, =0.4.1, =0.5.5 - amplitude-data-wrapper =0.4.1 and more Source cves: CVE-2023-45803 Source advisory: OSV:PYSEC-2023-212...

CVSS 4.2 | AI score 6.6 | EPSS 0.00544
Exploits 0

OSV
added 2023/10/12 5:15 p.m. | 4 views

AZL-33516 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

CVSS 7.5 | AI score 7.1 | EPSS 0.01364
Exploits 0 | References 1

OSV
added 2023/10/12 5:15 p.m. | 2 views

AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

CVSS 7.5 | AI score 7.1 | EPSS 0.01364
Exploits 0 | References 1

OSV
added 2023/10/12 5:15 p.m. | 4 views

AZL-35116 CVE-2023-45142 affecting package prometheus for versions less than 2.45.4-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

CVSS 7.5 | AI score 7 | EPSS 0.01364
Exploits 0 | References 1

CVE
added 2023/10/12 4:33 p.m. | 470 views

CVE-2023-45142

CVE-2023-45142 affects OpenTelemetry-Go Contrib when using the otelhttp.NewHandler wrapper without filtering; the handler logs every HTTP method and User-Agent via httpconv.ServerRequest, enabling unbounded cardinality and potential memory exhaustion under many malicious requests. The root cause ...

CVSS 7.5 | AI score 7.8 | EPSS 0.01364
Exploits 0 | References 9 | Affected Software 1

OSV
added 2023/09/16 10:4 p.m. | 13 views

MAL-2023-8113 Malicious code in developer-scaffold-full-width-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de16c923e65362f8728b3d71ad9d78042c8f28793d8d720d387faf6316d8b174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

RedHat Linux
added 2023/09/12 11:7 a.m. | 4 views

kernel: bypass of shadow stack protection due to a logic error

A vulnerability was found in the __efi_rt_asm_wrapper of the efi-rt-wrapper.S in the Linux kernel, where there is a possible bypass of shadow stack protection due to a logic error in the code. This flaw could lead to local escalation of privilege without additional execution privileges needed...

CVSS 7.8 | AI score 6.7 | EPSS 0.00189
Exploits 1 | References 5

RedHat Linux
added 2023/09/12 9:53 a.m. | 8 views

kernel: bypass of shadow stack protection due to a logic error

A vulnerability was found in the __efi_rt_asm_wrapper of the efi-rt-wrapper.S in the Linux kernel, where there is a possible bypass of shadow stack protection due to a logic error in the code. This flaw could lead to local escalation of privilege without additional execution privileges needed...

CVSS 7.8 | AI score 6.7 | EPSS 0.00189
Exploits 1 | References 5

OSV
added 2023/09/08 12:17 p.m. | 27 views

GHSA-92RV-4J2H-8MJJ Snappy PHAR deserialization vulnerability

Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, the version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...

CVSS 9.8 | AI score 9.7 | EPSS 0.01877
Exploits 1 | References 7

Tenable Nessus
added 2023/09/07 12:0 a.m. | 22 views

Oracle Linux 5 : gdm (ELSA-2009-1364)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1364 advisory. 1:2.16.0-56 - Resolves: 239818 181302 - Fix tcp wrappers detection on 64-bit 1:2.16.0-55 Resolves: 196054 - Fix docs subpackage Requires 1:2.16.0-53 Resolves:...

CVSS 6.8 | AI score 5.6 | EPSS 0.01841
Exploits 0 | References 2

GithubExploit
added 2023/09/04 3:25 a.m. | 737 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

nftables oob read/write exploit CVE-2023-35001 Exploit used...

CVSS 7.8 | AI score 7 | EPSS 0.02154
Exploits 2

NVD
added 2023/08/07 8:15 p.m. | 29 views

CVE-2023-38704

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

CVSS 9.8 | AI score 9.3 | EPSS 0.00846
Exploits 0 | References 2

OSSF Malicious Packages
added 2023/08/03 2:27 p.m. | 3 views

Malicious code in ent-screenshare-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 94755502800ea05db666be828c8c519ddcf3af8673105b958701a6b3b231197c The OpenSSF Package Analysis project identified 'ent-screenshare-wrapper' @ 3.4.8 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits 0

OSV
added 2023/08/03 2:27 p.m. | 11 views

MAL-2023-1173 Malicious code in ent-screenshare-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 94755502800ea05db666be828c8c519ddcf3af8673105b958701a6b3b231197c The OpenSSF Package Analysis project identified 'ent-screenshare-wrapper' @ 3.4.8 npm as malicious. It is considered malicious because: - The...

AI score 7.1
Exploits 0