Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706

The Hacker News
Open in Source
#vulnerability#dos#rce#vmware#auth#zero_day#The Hacker News
Update vRealize now! VMware patches critical RCE vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: vRealize Tags: VMware Tags: CVE-2022-31706 Tags: CVE-2022-31704 Tags: CVE-2022-31702 Tags: path traversal Tags: directory traversal Tags: broken access control VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs (Read more...) The post Update vRealize now! VMware patches critical RCE vulnerabilities appeared first on Malwarebytes Labs.

CVE-2023-0396: Buffer Overreads in Bluetooth HCI

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses.

Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

GHSA-636f-xm5j-pj9m: Several quadratic complexity bugs may lead to denial of service in Commonmarker

## Impact Several quadratic complexity bugs in commonmarker's underlying [`cmark-gfm`](https://github.com/github/cmark-gfm) library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: * [CVE-2023-22483](https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c) * [CVE-2023-22484](https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r) * [CVE-2023-22485](https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr) * [CVE-2023-22486](https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p) For more information, consult the release notes for version [`0.23.0.gfm.7`](https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.7). ## Mitigation Users are advised to upgrade to commonmarker version [`0.23.7`](https://rubygems.org/gems/commonmarker/versions/0.23.7).

Ubuntu Security Notice USN-5822-1

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5821-1

Ubuntu Security Notice 5821-1 - Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.

Apple Security Advisory 2023-01-23-7

Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2023-01-23-4

Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.

Apple Security Advisory 2023-01-23-1

Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.