Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics DIAEnergie. Authentication is not required to exploit this vulnerability.
Yearly Archives: 2023
ZDI-23-1531: Delta Electronics DIAEnergie HandlerUploadCalendar Use Of Hard-Coded Credentials Authentication Bypass Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Electronics DIAEnergie. Authentication is not required to exploit this vulnerability.
ZDI-23-1532: Ivanti Endpoint Manager ProcessEPMAuthToken Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability.
libXpm-3.5.17-1.fc39
Read Time:9 Second
FEDORA-2023-c4cf6646b9
Packages in this update:
libXpm-3.5.17-1.fc39
Update description:
libXpm 3.5.17, fixes CVE-2023-43788, CVE-2023-43789, CVE-2023-43786
DSA-5516 libxpm – security update
Read Time:7 Second
Multiple security vulnerabilities were discovered in libxpm, the X11
pixmap library, which may result in denial of service or the execution
of arbitrary code.
DSA-5517 libx11 – security update
Read Time:8 Second
Multiple security vulnerabilities were discovered in libx11, the X11
client-side library, which may result in denial of service or the
execution of arbitrary code.
DSA-5518 libvpx – security update
Read Time:9 Second
It was discovered that missing input sanitising in the encoding support
in libvpx, a multimedia library for the VP8 and VP9 video codecs, may
result in denial of service.
USN-6417-1: Linux kernel vulnerabilities
Read Time:1 Minute, 20 Second
It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps. (CVE-2021-4001)
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)
USN-6416-1: Linux kernel vulnerabilities
Read Time:3 Minute, 4 Second
It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (CVE-2023-2156)
Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel
did not properly validate a buffer size in certain situations, leading to
an out-of-bounds read vulnerability. A remote attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-3865)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel
contained a null pointer dereference vulnerability when handling handling
chained requests. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2023-3866)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)
Andy Nguyen discovered that the KVM implementation for AMD processors in
the Linux kernel with Secure Encrypted Virtualization (SEV) contained a
race condition when accessing the GHCB page. A local attacker in a SEV
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2023-4155)
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)
Maxim Suhanov discovered that the exFAT file system implementation in the
Linux kernel did not properly check a file name length, leading to an out-
of-bounds write vulnerability. An attacker could use this to construct a
malicious exFAT image that, when mounted and operated on, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4273)
Thelford Williams discovered that the Ceph file system messenger protocol
implementation in the Linux kernel did not properly validate frame segment
length in certain situation, leading to a buffer overflow vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-44466)
USN-6414-2: Django vulnerabilities
Read Time:32 Second
USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django,
respectively. This update provides the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Wenchao Li discovered that the Django Truncator function incorrectly
handled very long HTML input. A remote attacker could possibly use this
issue to cause Django to consume resources, leading to a denial of service.
It was discovered that Django incorrectly handled certain URIs with a very
large number of Unicode characters. A remote attacker could possibly use
this issue to cause Django to consume resources or crash, leading to a
denial of service.