– Red Hat Security Advisory 2024-8260-03 – Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8263-03 – Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8446-03 – An update for python3.9 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8447-03 – An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8449-03 – An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8455-03 – An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8461-03 – An update for krb5 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. – Read More – Packet Storm
– Adversary3 malware vulnerability intel tool for third-party attackers living off malware (LOM), updated with 700 malware and C2 panel vulnerabilities. – Read More – Packet Storm
– Lawo AG vsm LTC Time Sync versions prior to 4.5.6.0 suffer from a path traversal vulnerability. – Read More – Packet Storm
– Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a...
– [[{“value”:” Posted by malvuln on Oct 24 Adversary3 malware vulnerability intel tool for third-party attackers living off malware (LOM), updated with 700 malware and C2 panel vulnerabilities https://github.com/malvuln/Adversary3 Thanks, malvuln“}]] – Read More – Full Disclosure
– [[{“value”:” Posted by Sandro Gauci via Fulldisclosure on Oct 24 Dear Full Disclosure community, We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations”. White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf Key points: 1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…“}]] – Read More – Full Disclosure
– [[{“value”:” Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24 SEC Consult Vulnerability Lab Security Advisory < 20241024-0 > ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG – vsm LTC Time Sync (vTimeSync) vulnerable version: <4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049 impact: high homepage:…“}]] – Read More ...
– Red Hat Security Advisory 2024-8238-03 – Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8365-03 – An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8374-03 – An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. – Read More – Packet Storm
– A cross site scripting vulnerability in pfsense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. – Read More – Packet Storm
– Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7 allows cross site scripting via SVG animate attributes. – Read More – Packet Storm
– This repository contains a Python script that exploits a remote code execution vulnerability in Grafana’s SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution. – Read More ...
– Helakuru version 1.1 suffers from a dll hijacking vulnerability. – Read More – Packet Storm
– Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure’s asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server....
– ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Red Hat Security Advisory 2024-8355-03 – An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8356-03 – An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8357-03 – An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a privilege escalation vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8358-03 – An update for NetworkManager-libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability. – Read More – Packet Storm
– Red Hat Security Advisory 2024-8359-03 – An update for the python39:3.9 and python39-devel:3.9 module is now available for Red Hat Enterprise Linux 8. – Read More – Packet Storm
– Ubuntu Security Notice 7079-1 – Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. – Read More – Packet Storm
– Ubuntu Security Notice 7081-1 – It was discovered that the Go net/http module did not properly handle responses to requests with an “Expect: 100-continue” header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could...
– Ubuntu Security Notice 7082-1 – Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information. – Read More – Packet Storm
– ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver’s log file containing system information running on the device. – Read More – Packet Storm
– ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver’s log file containing system information running on the device. – Read More – Packet Storm
– Ubuntu Security Notice 7042-3 – USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created...
– An error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is cleaned up, making physical page use-after-free possible. Some other drivers look like they might have similar issues. – Read More – Packet Storm
– Ubuntu Security Notice 7062-2 – USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code. – Read More –...
– Ubuntu Security Notice 7072-2 – Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Read More – Packet Storm
– Ubuntu Security Notice 7078-1 – Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. – Read More – Packet Storm
– Ubuntu Security Notice 7080-1 – Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses. – Read More – Packet Storm
– This white paper, titled “DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations,” details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS “ClientHello” messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation. – Read More ...
– ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script. – Read More – Packet Storm
– Debian Linux Security Advisory 5794-1 – Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. – Read More – Packet Storm
– Debian Linux Security Advisory 5795-1 – Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection. – Read More – Packet Storm
– Post Content – Read More – Packet Storm
– Post Content – Read More – Packet Storm
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
