Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-33250: KASAN: slab-use-after-free Read in iopt_unmap_iova_range

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

CVE
Open in Source
#ios#google#ubuntu#linux#git#c++#bios
CVE-2021-46888: Release 1.23 · simonmichael/hledger

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.

CVE-2023-32700: luatex-1.17.0 update - tex-live mailing list

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

The Underground History of Turla, Russia's Most Ingenious Hacker Group

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.”

Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492 (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a

CVE-2023-28529: Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2023-28529)

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.

CVE-2023-30774: heap-buffer-overflow in tiffcrop (#463) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

CVE-2023-30775: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (#464) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

CVE-2023-28514: Security Bulletin: IBM MQ is affected by a sensitive information disclosure vulnerability (CVE-2023-28514)

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Ubuntu Security Notice USN-6092-1

Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.