News Reader

NVD: all CVE · May 30, 2023

CVE-2023-24826

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.
Linux security Advisories · May 30, 2023

Ubuntu 6121-1: Nanopb vulnerabilities

Several security issues were fixed in Nanopb.
Linux security Advisories · May 30, 2023

Debian LTS: DLA-3438-1: kamailio security update

It was discovered that there was a potential denial-of-service (DoS) attack in the Kamailio SIP telephony server. This was caused by the Kamailio server mishandling INVITE requests with duplicated fields.
NVD: all CVE · May 30, 2023

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.
NVD: all CVE · May 30, 2023

CVE-2023-24568

Dell NetWorker contains an Improper Validation of Certificate with Host Mismatch vulnerability in the RabbitMQ port, which could disallow replacing CA-signed certificates.
NVD: all CVE · May 30, 2023

CVE-2023-24817

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out-of-bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack.
NVD: all CVE · May 30, 2023

CVE-2023-24825

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.
NVD: all CVE · May 30, 2023

CVE-2023-28079

PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains an Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
NVD: all CVE · May 30, 2023

CVE-2023-28080

PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains DLL Hijacking vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
NVD: all CVE · May 30, 2023

CVE-2023-32448

PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains a License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
ECHO Network · May 30, 2023

CVE-2023-33234

ECHO Network · May 30, 2023

CVE-2023-2023

ECHO Network · May 30, 2023

CVE-2023-2256

ECHO Network · May 30, 2023

CVE-2023-1938

ECHO Network · May 30, 2023

CVE-2023-0733