Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-37174: SEGV on unknown address 0x000000012c29 · Issue #2505 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

CVE
Open in Source
#vulnerability#ubuntu#linux#c++
CVE-2023-37767: SEGV on unknown address 0x000000000000 · Issue #2514 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

GHSA-25c8-p796-jg6r: Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier. * Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier. * Any ASP.N...

CVE-2023-24492: Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

Red Hat Security Advisory 2023-4023-01

Red Hat Security Advisory 2023-4023-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Debian Security Advisory 5451-1

Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Red Hat Security Advisory 2023-4021-01

Red Hat Security Advisory 2023-4021-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.

Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service

Kyocera TASKalfa 4053ci versions 2VG_S000.002.561 and below suffers from path traversal, user enumeration, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-4020-01

Red Hat Security Advisory 2023-4020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.

CVE-2023-3108: crypto: fix af_alg_make_sg() conversion to iov_iter · torvalds/linux@9399f0c

A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.