This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
A Vulnerability in Barracuda Email Security Gateway Could Allow for Remote Command Injection
A vulnerability has been discovered in Barracuda Email Security Gateway (ESG) which could allow for remote command injection. Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the server in the context of the System user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-6127-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
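The Broadcom FullMAC entry above describes a driver that did not check the size of a data buffer supplied by the USB device itself. The following C program is an added illustration of that bug class written for this page; it is not code from the Linux kernel, the brcmfmac driver, or the CVE-2023-1380 fix, and the buffer layout, the function names and the two sample buffers are constructed for the demonstration. It walks a type-length-value buffer (each element is an id byte, a length byte and a body) twice: once trusting the device's length byte, as the vulnerable pattern does, and once checking every length against the bytes that actually remain. The unchecked walk returns how far past the declared end it read, so the over-read is observable without crashing the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Result of one walk over a TLV buffer. 'reach' is one past the highest
 * byte offset the parser read, so a bad length byte shows up as
 * reach > declared length instead of as an undefined crash.
 */
struct tlv_walk {
    size_t count;   /* elements accepted */
    size_t reach;   /* one past the highest byte offset read */
    int ok;         /* 0 if a malformed element was detected */
};

/* Vulnerable pattern: the device-supplied length byte is trusted. */
struct tlv_walk tlv_walk_unchecked(const uint8_t *buf, size_t len)
{
    struct tlv_walk w = { 0, 0, 1 };
    size_t off = 0;
    uint8_t body[256];  /* large enough for any 8-bit length */

    while (off + 2 <= len) {
        uint8_t elen = buf[off + 1];
        /* BUG: elen is never compared with the bytes that remain, so this
         * copy reads past 'len' whenever the device lies about a length. */
        memcpy(body, buf + off + 2, elen);
        off += 2 + elen;
        w.reach = off;
        w.count++;
    }
    return w;
}

/* Hardened pattern: every length is checked against the remaining bytes. */
struct tlv_walk tlv_walk_checked(const uint8_t *buf, size_t len)
{
    struct tlv_walk w = { 0, 0, 1 };
    size_t off = 0;

    while (off < len) {
        if (len - off < 2) {            /* element header is truncated */
            w.ok = 0;
            break;
        }
        uint8_t elen = buf[off + 1];
        if (elen > len - off - 2) {     /* body would run past the buffer */
            w.ok = 0;
            break;
        }
        off += 2 + elen;
        w.reach = off;
        w.count++;
    }
    return w;
}

/* Constructed sample: two well-formed elements, 7 bytes in total. */
static const uint8_t good_sample[] = { 0x00, 0x02, 0xAA, 0xBB, 0x01, 0x01, 0xCC };

/* Constructed sample: the device declares 8 bytes, but the second element's
 * length byte (40) points well past that. The backing array is padded to
 * 64 bytes so the demo's over-read stays inside memory this program owns. */
#define BAD_SAMPLE_LEN 8
static const uint8_t bad_sample[64] = { 0x00, 0x02, 0xAA, 0xBB, 0x01, 0x28 };

/* Elements the checked parser accepts from the well-formed sample (2). */
size_t checked_accepts_valid(void)
{
    struct tlv_walk w = tlv_walk_checked(good_sample, sizeof good_sample);
    return w.ok ? w.count : 0;
}

/* Bytes the unchecked parser reads beyond the declared 8-byte length (38). */
size_t unchecked_overread_bytes(void)
{
    struct tlv_walk w = tlv_walk_unchecked(bad_sample, BAD_SAMPLE_LEN);
    return w.reach > BAD_SAMPLE_LEN ? w.reach - BAD_SAMPLE_LEN : 0;
}

/* 1 if the checked parser accepts only the first element and then stops. */
int checked_rejects_bad(void)
{
    struct tlv_walk w = tlv_walk_checked(bad_sample, BAD_SAMPLE_LEN);
    return w.ok == 0 && w.count == 1;
}

int main(void)
{
    printf("valid input, checked parser:   %zu elements\n", checked_accepts_valid());
    printf("bad length, unchecked parser:  read %zu bytes past the end\n",
           unchecked_overread_bytes());
    printf("bad length, checked parser:    rejected=%d\n", checked_rejects_bad());
    return 0;
}
```

The check that matters is the comparison of the element length against `len - off - 2`, done before any copy; a parser that only tests the header (`off + 2 <= len`) still lets the body run off the end. In a real driver the over-read lands in adjacent kernel memory, which is why the advisory lists information disclosure alongside a crash.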
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu
Linux kernel contained a race condition when handling inode locking in some
situations. A local attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2023-2612)
CVE-2015-10108
A vulnerability was found in the meitar Inline Google Spreadsheet Viewer plugin for WordPress, up to version 0.9.6, and classified as problematic. Affected is the function displayShortcode in the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 addresses this issue. The patch is commit 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.
webkitgtk-2.40.2-1.fc37
FEDORA-2023-23cc337543
Packages in this update:
webkitgtk-2.40.2-1.fc37
Update description:
Fix scrollbar jumping to top when drag released outside window in GTK 4.
Fix video rendering when GL is disabled.
Fix flickering on looped videos when starting again.
Fix CPU usage on autoplaying videos.
Choose amount of painting threads depending on available CPU cores on GTK 4.
Fix several crashes and rendering issues.
Fix CVE-2023-28204 and CVE-2023-32373.
webkitgtk-2.40.2-1.fc38
FEDORA-2023-9e75e38b47
Packages in this update:
webkitgtk-2.40.2-1.fc38
Update description:
Fix scrollbar jumping to top when drag released outside window in GTK 4.
Fix video rendering when GL is disabled.
Fix flickering on looped videos when starting again.
Fix CPU usage on autoplaying videos.
Choose amount of painting threads depending on available CPU cores on GTK 4.
Fix several crashes and rendering issues.
Fix CVE-2023-28204 and CVE-2023-32373.
openssl-3.0.9-1.fc38
FEDORA-2023-026c8ba371
Packages in this update:
openssl-3.0.9-1.fc38
Update description:
Rebase to upstream version 3.0.9
openssl-3.0.9-1.fc37
FEDORA-2023-964eb00fc6
Packages in this update:
openssl-3.0.9-1.fc37
Update description:
Rebase to upstream version 3.0.9
USN-6126-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-0897)
It was discovered that libvirt incorrectly handled queries for the SR-IOV
PCI device capabilities. A local attacker could possibly use this issue to
cause libvirt to consume resources, leading to a denial of service.
(CVE-2023-2700)
ZDI-23-780: Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.