Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-46930: SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14 · Issue #2666 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

CVE
Open in Source
#vulnerability#ubuntu#linux#js#git#c++#ssl
CVE-2023-46256: [REPORT] Heap Buffer Overflow Bug Found in src/drivers/distance_sensor/lightware_laser_serial/parser.cpp

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

CVE-2023-42658: InSpec CLI

Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

CVE-2023-4836: CVE-2023-4836 - User Private Files - IDOR to Sensitive data and private files exposure / leak of info - POC - Use only certified WordPress plugins for your website

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

Gentoo Linux Security Advisory 202310-23

Gentoo Linux Security Advisory 202310-23 - Several use-after-free vulnerabilities have been found in libxslt. Versions greater than or equal to 1.1.35 are affected.

Gentoo Linux Security Advisory 202310-22

Gentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions greater than or equal to 3004.2 are affected.

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

Ubuntu Security Notice USN-6460-1

Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.

Debian Security Advisory 5542-1

Debian Linux Security Advisory 5542-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

Debian Security Advisory 5541-1

Debian Linux Security Advisory 5541-1 - Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.