Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-31921: Assertion 'dividend_end_p[0] == divisor_high && dividend_end_p[-1] < divisor_high' failed at /jerryscript/jerry-core/ecma/operations/ecma-big-uint.c(ecma_big_uint_div_mod) · Issue #5068 · jerryscript-

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.

CVE
Open in Source
#ubuntu#linux#js
CVE-2023-31913: Assertion 'context_p->scope_stack_size == PARSER_MAXIMUM_DEPTH_OF_SCOPE_STACK' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class):1068. · Issue #5061 · jerryscript-project

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.

New Variant of Linux Backdoor BPFDoor Uncovered After Years of Staying Under the Radar

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with this latest iteration," security researchers Shaul Vilkomir-Preisman and Eliran Nissan said. BPFDoor (

CVE-2023-29983: CompanyMaps 8.0 Cross Site Scripting ≈ Packet Storm

Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel.

CVE-2023-29657: eXtplorer 2.1.15 – Arbitrary File Upload – Tristão Marinho

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions.

CVE-2023-29808: Companymaps 8.0 Cross Site Scripting ≈ Packet Storm

Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.

CVE-2023-29809: Companymaps 8.0 SQL Injection ≈ Packet Storm

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.

CVE-2023-2662: A FPE in pdfimages xpdf4.04

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.

CVE-2023-27554: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.

GHSA-p744-4q6p-hvc2: Wings vulnerable to escape to host from installation container

### Impact This vulnerability impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). ### Patches This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`. ### Workarounds Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per our documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems...