11/7/2023 0 Comments Maxbulk mailer 8.3.4The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. There are no known workarounds for this vulnerability. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Redis is an in-memory database that persists on disk. Processing web content may lead to arbitrary code execution. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. The issue was addressed with improved checks. There are no known workarounds for this issue. This issue has been addressed in version 1.93.0. These temporarily stored passwords are automatically erased after a 48-hour window. As a result, these passwords could inadvertently be captured in database backups for a longer duration. While this doesn't grant the server any added capabilities-it already learns the users' passwords as part of the authentication process-it does disrupt the expectation that passwords won't be stored in the database. When users update their passwords, the new credentials may be briefly held in the server database. Synapse is an open-source Matrix homeserver written and maintained by the Foundation. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.Įxposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. This vulnerability affects Firefox i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. (Chromium security severity: High)ĭuring Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Use after free in Passwords in Google Chrome prior to 1.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Use after free in Extensions in Google Chrome prior to 1.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 1.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free in Site Isolation in Google Chrome prior to 1.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Heap-based Buffer Overflow in GitHub repository vim/vim prior to. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. (Chromium security severity: High)Ī use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. Type confusion in V8 in Google Chrome prior to 1.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Inappropriate implementation in DevTools in Google Chrome prior to 1.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Inappropriate implementation in Navigation in Google Chrome prior to 1.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Inappropriate implementation in Fullscreen in Google Chrome prior to 1.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |