Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-5847: [R1] Nessus Agent Version 10.4.3 Fixes Multiple Vulnerabilities

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

CVE
Open in Source
#vulnerability#web#windows#linux
CVE-2023-3972: Invalid Bug ID

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

CVE-2023-46928: SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42 · Issue #2661 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.

CVE-2023-46930: SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14 · Issue #2666 · gpac/gpac

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.

CVE-2023-46256: [REPORT] Heap Buffer Overflow Bug Found in src/drivers/distance_sensor/lightware_laser_serial/parser.cpp

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available.

CVE-2023-42658: InSpec CLI

Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

CVE-2023-4836: CVE-2023-4836 - User Private Files - IDOR to Sensitive data and private files exposure / leak of info - POC - Use only certified WordPress plugins for your website

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

Gentoo Linux Security Advisory 202310-23

Gentoo Linux Security Advisory 202310-23 - Several use-after-free vulnerabilities have been found in libxslt. Versions greater than or equal to 1.1.35 are affected.

Gentoo Linux Security Advisory 202310-22

Gentoo Linux Security Advisory 202310-22 - Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation. Versions greater than or equal to 3004.2 are affected.

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.