This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
A Vulnerability has been discovered in Barracuda Email Security Gateway (ESG) which could allow for remote code injection. Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. Successful exploitation of this vulnerability could allow for unauthenticated remote attackers to execute arbitrary code on the server in the context of the System user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu
Linux kernel contained a race condition when handling inode locking in some
situations. A local attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2023-2612)
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.
webkitgtk-2.40.2-1.fc37
Fix scrollbar jumping to top when drag released outside window in GTK 4.
Fix video rendering when GL is disabled.
Fix flickering on looped videos when starting again.
Fix CPU usage on autoplaying videos.
Choose amount of painting threads depending on available CPU cores on GTK 4.
Fix several crashes and rendering issues.
Fix CVE-2023-28204 and CVE-2023-32373.
webkitgtk-2.40.2-1.fc38
Fix scrollbar jumping to top when drag released outside window in GTK 4.
Fix video rendering when GL is disabled.
Fix flickering on looped videos when starting again.
Fix CPU usage on autoplaying videos.
Choose amount of painting threads depending on available CPU cores on GTK 4.
Fix several crashes and rendering issues.
Fix CVE-2023-28204 and CVE-2023-32373.
openssl-3.0.9-1.fc38
Rebase to upstream version 3.0.9
openssl-3.0.9-1.fc37
Rebase to upstream version 3.0.9
It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-0897)
It was discovered that libvirt incorrectly handled queries for the SR-IOV
PCI device capabilities. A local attacker could possibly use this issue to
cause libvirt to consume resources, leading to a denial of service.
(CVE-2023-2700)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration.
