ZDI-24-600: Schneider Electric APC Easy UPS Online startRun Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit...
USN-6827-1: LibTIFF vulnerability
It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue...
DSA-5708-1 cyrus-imapd – security update
Damian Poddebniak discovered that the Cyrus IMAP server didn't restrict memory allocation for some command arguments which may result in denial of service. This update...
DSA-5707-1 vlc – security update
A buffer overflow was discovered in the MMS module of the VLC media player. https://security-tracker.debian.org/tracker/DSA-5707-1 Read More
USN-6825-1: ADOdb vulnerabilities
It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL...
USN-6821-2: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker...
USN-6818-2: Linux kernel (ARM laptop) vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability....
USN-6824-1: GIFLIB vulnerabilities
It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-40633, CVE-2022-28506,...
LSN-0104-1: Kernel Live Patch Security Notice
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker...
USN-6822-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked...