– Debian Linux Security Advisory 5688-1 – It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2668-03 – Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2667-03 – Red Hat build of MicroShift release 4.15.12 is now available with updates to packages and images that include a security update. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2671-03 – Red Hat build of MicroShift release 4.14.24 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2669-03 – Red Hat OpenShift Container Platform release 4.15.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2672-03 – Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and denial of service vulnerabilities. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2793-03 – An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2705-03 – An update is now available for Red Hat build of Quarkus. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2799-03 – An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities. – Read More – Packet Storm
– Ubuntu Security Notice 6770-1 – USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The update lead to the discovery of a regression in Fossil with regards to the handling of POST requests that do not have a Content-Length field set. This update fixes the problem. – Read More – Packet Storm
– Ubuntu Security Notice 6769-1 – Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. An Pham discovered that Spreadsheet::ParseXLSX allowed the processing of external entities in a default configuration. An attacker could possibly use...
– Ubuntu Security Notice 6768-1 – Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation. – Read More – Packet Storm
– Debian Linux Security Advisory 5686-1 – Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption. – Read More – Packet Storm
– Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities. – Read More – Packet Storm
– Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability. – Read More – Packet Storm
– The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included. – Read More – Packet Storm
– The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set...
– AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. – Read More –...
– I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version. – Read More – Packet Storm
– RIOT versions 2024.01 and below suffers from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities. – Read More – Packet Storm
– Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections. – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– [[{“value”:” Posted by Security Explorations on May 09 Hello All, We have come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. More specifically, we successfully demonstrated the extraction of the following keys: – private signing...
– [[{“value”:” Posted by Martin Heiland via Fulldisclosure on May 06 Dear subscribers, We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack. This advisory has also been published at https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html. Yours sincerely, Martin...
– [[{“value”:” Posted by Simon Bieber via Fulldisclosure on May 06 secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki Affected Products Drupal Wiki 8.31 Drupal Wiki 8.30 (older releases have not been tested) References https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates) CVE-2024-34481 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS-B: 6.4 (…“}]] – Read More – Full Disclosure
– Gentoo Linux Security Advisory 202405-12 – Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected. – Read More – Packet Storm
– Gentoo Linux Security Advisory 202405-11 – Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected. – Read More – Packet Storm
– Gentoo Linux Security Advisory 202405-13 – A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected. – Read More – Packet Storm
– Gentoo Linux Security Advisory 202405-14 – Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected. – Read More – Packet Storm
– Gentoo Linux Security Advisory 202405-16 – A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected. – Read More – Packet Storm
– Gentoo Linux Security Advisory 202405-15 – Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected. – Read More – Packet Storm
– This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host. – Read More – Packet Storm
– The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more. It demonstrates weak content protection in the environment of CANAL+. The proof of concept exploit 3 year old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution access to target STB devices over...
– Systemd-run/run0 allocates user-owned ptys and attaches the slave to high privilege programs without changing ownership or locking the pty slave. – Read More – Packet Storm
– AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with. – Read More –...
– Post Content – Read More – Packet Storm
– [[{“value”:” Posted by Security Explorations on May 06 Hello All, We released codes for “Microsoft PlayReady toolkit”, a tool that has been developed as part of our research from 2022: https://security-explorations.com/microsoft-playready.html#details The toolkit illustrates the following: – fake client device identity generation, – acquisition of license and content keys for encrypted content, – downloading and decryption of content, – content...
– [[{“value”:” Posted by PT via Fulldisclosure on May 03 Live2D Cubism is the dominant “vtuber” software suite for 2D avatars for use in livestreaming and integrating them in other software. They publish various SDKs and a frameworks for integrating their libraries with your own program. You’re supposed to use those to deserialize and render/animate the models created with their main...
– Red Hat Security Advisory 2024-2054-03 – Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2071-03 – Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2068-03 – Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2674-03 – An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. – Read More – Packet Storm
– SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php. – Read More – Packet Storm
– Red Hat Security Advisory 2024-2679-03 – An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability. – Read More – Packet Storm
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
