A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2, which allows an attacker to cause high resource consumption using malicious test report artifacts.
Daily Archives: June 7, 2023
matrix-synapse-1.85.1-1.fc38
FEDORA-2023-e191040276
Packages in this update:
matrix-synapse-1.85.1-1.fc38
Update description:
Update to v1.85.1
Update to v1.85.0
Fixes CVE-2023-32682, CVE-2023-32683
Update to v1.84.1
CISA and Partners Publish Guide For Remote Access Security
Cyber actors are utilizing these tools for easy and broad access to victim systems
North Korean APT Group Kimsuky Expands Social Engineering Tactics
SentinelOne said the campaign specifically targets experts in North Korean affairs
“PowerDrop” PowerShell Malware Targets US Aerospace Industry
Adlumin said the malware combines elements of off-the-shelf threats and APT tactics
CVE-2022-31693
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
CVE-2021-46889
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
USN-6145-1: Sysstat vulnerabilities
It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)

It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-33204)
python3.7-3.7.16-4.fc38
FEDORA-2023-f52390b9d2
Packages in this update:
python3.7-3.7.16-4.fc38
Update description:
Fix for CVE-2023-24329
python3.7-3.7.16-2.fc37
FEDORA-2023-dd526ed2e4
Packages in this update:
python3.7-3.7.16-2.fc37
Update description:
Fix for CVE-2023-24329