This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability.
Yearly Archives: 2023
ZDI-23-445: Schneider Electric APC Easy UPS Online getMacAddressByIP Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability.
ZDI-23-446: (Pwn2Own) Sonos One Speaker libsmb2 Integer Overflow Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
ZDI-23-447: (Pwn2Own) Sonos One Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
ZDI-23-448: (Pwn2Own) Sonos One Speaker msprox Endpoint Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
ZDI-23-449: (Pwn2Own) Sonos One Speaker MPEG-TS Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.
ZDI-23-450: (Pwn2Own) Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
insight-13.0.50.20220502-9.fc37
FEDORA-2023-b4d1469b54
Packages in this update:
insight-13.0.50.20220502-9.fc37
Update description:
Disable stringop-overflow warnings.
Patch “bfd-CVE-2023-1972” fixes a security issue in the bfd library.
insight-13.0.50.20220502-9.fc38
FEDORA-2023-8a6a30c142
Packages in this update:
insight-13.0.50.20220502-9.fc38
Update description:
Disable stringop-overflow warnings.
Patch “bfd-CVE-2023-1972” fixes a security issue in the bfd library.
insight-13.0.50.20220502-9.fc36
FEDORA-2023-5d51a42413
Packages in this update:
insight-13.0.50.20220502-9.fc36
Update description:
Disable stringop-overflow warnings.
Patch “bfd-CVE-2023-1972” fixes a security issue in the bfd library.