Russian Hacker With $10 Million Bounty On His Head Reportedly Arrested –
– Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27. SEC Consult Vulnerability Lab Security Advisory < 20241125-0 >. title: Unlocked JTAG interface and buffer overflow; product: Siemens SM-2558 Protocol Element (extension module for Siemens SICAM AK3/TM/BC), Siemens CP-2016 & CP-2019; vulnerable version: JTAG: Unknown HW revision, Zynq Firmware… – Read More – Full Disclosure
– Posted by Mark Esler on Nov 27. The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race condition on /proc/$PID/exec evaluation”) [0], introduced a regression which was subsequently fixed 42af5d3 (“core: fix regression of false positives for processes running in chroot or mountns (#317)”) [1]. Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review. [0] https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59… – Read More ...
– Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 27. SEC Consult Vulnerability Lab Security Advisory < 20241127-0 >. title: Stored Cross-Site Scripting; product: Omada Identity; vulnerable version: <v15U1, <v14.14 hotfix #309; fixed version: v15U1, v14.14 hotfix #309; CVE number: CVE-2024-52951; impact: Medium; homepage:… – Read More – Full Disclosure
– ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script. – Read More – Packet Storm
– Red Hat Security Advisory 2024-9990-03 – An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1. – Read More – Packet Storm
– Red Hat Security Advisory 2024-9989-03 – An update for python-webob is now available for Red Hat OpenStack Platform 17.1. – Read More – Packet Storm
– Red Hat Security Advisory 2024-9988-03 – An update for python-requests is now available for Red Hat OpenStack Platform 17.1. – Read More – Packet Storm
– GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI,...
– Red Hat Security Advisory 2024-9991-03 – An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1. – Read More – Packet Storm
– Debian Linux Security Advisory 5817-1 – Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. – Read More – Packet Storm
– The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using...
– Debian Linux Security Advisory 5818-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. – Read More – Packet Storm
– Ubuntu Security Notice 7124-1 – Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 23 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly...
– Ubuntu Security Notice 7121-3 – Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Read More – Packet Storm
– Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a...
– A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably...
– Korenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability. – Read More – Packet Storm
– SEH utnserver Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities. – Read More – Packet Storm
– fronsetia version 1.1 suffers from a cross site scripting vulnerability. – Read More – Packet Storm
– fronsetia version 1.1 suffers from an XML external entity injection vulnerability. – Read More – Packet Storm
– PowerVR has an issue where PVRSRVAcquireProcessHandleBase() can cause psProcessHandleBase reuse when PIDs are reused. – Read More – Packet Storm
– This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server. – Read More – Packet Storm
– Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user. – Read More – Packet Storm
– This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via...