Category: Alert Feeds

Debian Security Advisory 5812-1

Debian Linux Security Advisory 5812-1 – Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation. – Packet Storm

Ubuntu Security Notice USN-7108-1

Ubuntu Security Notice 7108-1 – Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request...

Debian Security Advisory 5814-1

Debian Linux Security Advisory 5814-1 – A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages. – Packet Storm

Debian Security Advisory 5813-1

Debian Linux Security Advisory 5813-1 – Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass. – Packet Storm

Gentoo Linux Security Advisory 202411-07

Gentoo Linux Security Advisory 202411-7 – A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected. – Packet Storm

Gentoo Linux Security Advisory 202411-09

Gentoo Linux Security Advisory 202411-9 – Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected. – Packet Storm

Gentoo Linux Security Advisory 202411-08

Gentoo Linux Security Advisory 202411-8 – A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected. – Packet Storm

Pyload Remote Code Execution

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host....

Ubuntu Security Notice USN-7049-2

Ubuntu Security Notice 7049-2 – USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. – Packet Storm

Ubuntu Security Notice USN-7110-1

Ubuntu Security Notice 7110-1 – Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Packet Storm

Ubuntu Security Notice USN-7089-5

Ubuntu Security Notice 7089-5 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...

Ubuntu Security Notice USN-7071-2

Ubuntu Security Notice 7071-2 – A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. – Packet Storm

Ubuntu Security Notice USN-7111-1

Ubuntu Security Notice 7111-1 – Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan...

Ubuntu Security Notice USN-7088-5

Ubuntu Security Notice 7088-5 – Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Packet Storm

Ubuntu Security Notice USN-7112-1

Ubuntu Security Notice 7112-1 – It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. – Packet Storm

Ubuntu Security Notice USN-7089-6

Ubuntu Security Notice 7089-6 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...

Red Hat Security Advisory 2024-9601-03

Red Hat Security Advisory 2024-9601-03 – An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities. – Packet Storm

Ubuntu Security Notice USN-7107-1

Ubuntu Security Notice 7107-1 – It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. – Packet Storm

PHP-CGI Argument Injection Susceptibility Scanner

This is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a list of domains are potentially vulnerable to this specific security issue. This issue affected PHP-CGI versions 8.1 before 8.1.29, 8.2...

Ubuntu Security Notice USN-7109-1

Ubuntu Security Notice 7109-1 – Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan...

Palo Alto Expedition 1.2.91 Remote Code Execution

This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows resetting the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module...

Ubuntu Security Notice USN-7089-4

Ubuntu Security Notice 7089-4 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...