Read Time:8 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.
Daily Archives: September 7, 2023
ZDI-23-1339: Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability.
ZDI-23-1340: Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability.
ZDI-23-1341: Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability.
ZDI-23-1342: Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability.
redis-7.2.1-1.fc39
Read Time:31 Second
FEDORA-2023-5a7cc198c2
Packages in this update:
redis-7.2.1-1.fc39
Update description:
Redis 7.2.1 Released Wed 06 Sep 2023 15:00:00 IDT
Upgrade urgency SECURITY: See security fixes below.
Security Fixes
(CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and,
as a result, may grant users executing this command access to keys that are not
explicitly authorized by the ACL configuration.
Bug Fixes
Fix crashes when joining a node to an existing 7.0 Redis Cluster (#12538)
Correct request_policy and response_policy command tips on for some admin /
configuration commands (#12545, #12530)
USN-6352-1: Apache Shiro vulnerabilities
Read Time:9 Second
It was discovered that Apache Shiro incorrectly handled certain HTTP
requests. A remote attacker could possibly use this issue to bypass
security restrictions. (CVE-2020-13933, CVE-2020-17510)
DSA-5491 chromium – security update
Read Time:7 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.