OBS-Vigilance

| Title | Description | Date |
| --- | --- | --- |
| OpenSC: out-of-bounds memory reading via MyEID Driver Symmetric Key Encryption | An attacker can force a read at an invalid memory address of OpenSC, via MyEID Driver Symmetric Key Encryption, in order to trigger a denial of service, or to obtain sensitive information... | Visit link for details |
| IBM Informix JDBC Driver: code execution via API JNDI Injection | An attacker can use a vulnerability of IBM Informix JDBC Driver, via API JNDI Injection, in order to run code... | Visit link for details |
| Linux kernel: use after free via igmp_start_timer() | An attacker can force the reuse of a freed memory area of the Linux kernel, via igmp_start_timer(), in order to trigger a denial of service, and possibly to run code... | Visit link for details |
| Linux kernel: buffer overflow via perf_event_validate_size() | An attacker can trigger a buffer overflow of the Linux kernel, via | Visit link for details |
| Kitty: code execution via Application/x-sh Mime Type | An attacker can use a vulnerability of Kitty, via Application/x-sh Mime Type, in order to run code... | Visit link for details |
| Apple iOS macOS: multiple vulnerabilities | An attacker can use several vulnerabilities of Apple iOS macOS... | Visit link for details |
| OpenSSH: egress filtering bypass via Ssh-agent Destination Constraints Multiple Keys | An attacker can bypass filtering rules of OpenSSH, via Ssh-agent Destination Constraints Multiple Keys, in order to exfiltrate sensitive data... | Visit link for details |
| Keycloak: Cross Site Scripting via form_post.jwt | An attacker can trigger a Cross Site Scripting of Keycloak, via form_post.jwt, in order to run JavaScript code in the context of the web site... | Visit link for details |
| PyInstaller: file deletion | An attacker can bypass access restrictions of PyInstaller, in order to delete a file... | Visit link for details |
| libsass: buffer overflow via CompoundSelector::has_placeholder() | An attacker can trigger a buffer overflow of libsass, via | Visit link for details |