February Microsoft Patch Tuesday Fixes Three Zero-days
On February 14, 2023, Microsoft released more than 70 security patches as part of regular Patch Tuesday. Microsoft observed CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823 were exploited...
CVE-2021-33304
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. Read More
CVE-2021-33396
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. Read...
CVE-2020-19825
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. Read More
CVE-2020-21119
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. Read More
CVE-2020-21120
SQL Injection vulnerability in file homecontrolscart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. Read More
OpenEMR Vulnerabilities Endanger Patient Information
FortiGuard Labs is aware of a report that OpenEMR (Electronic Medical Records) released a patch for three vulnerabilities on November 30, 2022, two of which...
xen-4.16.3-2.fc36
FEDORA-2023-dda38ecefd Packages in this update: xen-4.16.3-2.fc36 Update description: x86: Cross-Thread Return Address Predictions [XSA-426, CVE-2022-27672] Read More
xen-4.16.3-2.fc37
FEDORA-2023-c69a2a8f8b Packages in this update: xen-4.16.3-2.fc37 Update description: x86: Cross-Thread Return Address Predictions [XSA-426, CVE-2022-27672] Read More
USN-5875-1: Linux kernel (GKE) vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote...