Security
Headlines
CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so – Qualys Security Blog

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

#vulnerability #ubuntu #linux #debian #buffer_overflow

CVE-2023-5255: CVE-2023-5255 Denial of Service for Revocation of Auto Renewed Certificates

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.

CVE-2023-4732: cve-details

A flaw was found in the Linux Kernel's memory management subsystem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x.

CVE-2023-4817: Unrestricted File Upload Vulnerability Icp Das Et 7060 | INCIBE-CERT

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.

CVE-2023-3196: Multiple Vulnerabilities Canopsis Capensis | INCIBE-CERT

This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.

CVE-2023-4886: cve-details

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

CVE-2023-4882: Multiple Vulnerabilities Open5gs | INCIBE-CERT

DoS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.

CVE-2023-0506: Inadequate Access Control Demes Group Products | INCIBE-CERT

The web service of ByDemes Group Airspace CCTV Web Service, in its 2.616.BY00.11 version, contains a privilege escalation vulnerability in the Camera Control Panel whose exploitation could allow a low-privileged attacker to gain administrator access.

CVE-2023-2544: Authorization Bypass Upv Peix | INCIBE-CERT

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.