RD55UP06-V, Security Vulnerabilities

CVE-2024-37676

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings...

PCI DSS v4.0: What You Need to Know and What the End of v3.2.1 Means for the Future of Digital Payments

On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its new sets of protocols and security standards for v4.0. With the continued rise in cyber threats against...

Exploit for CVE-2024-36527

CVE-2024-36527 PoC and Bulk Scanner...

HUMINT in a cyber world

TL;DR HUMINT / Human Intelligence is gathered from a person in the location in question. It’s the sort of information we think of in the context of spying. A modern intelligence apparatus is multi-discipline with many different collection methods. HUMINT sources include officers, agents,...

CVE-2024-37676

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings...

CVE-2024-37699

An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in...

Exploit for CVE-2024-34470

CVE-2024-34470 PoC and Bulk Scanner Overview This is a...

Ubuntu: Security Advisory (USN-6818-4)

The remote host is missing an update for...

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

linux-hwe-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php...

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I.....

Linux kernel (HWE) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-hwe-6.5 - Linux hardware enablement (HWE) kernel Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

obx Prototype Pollution

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

obx Prototype Pollution

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 Exploit and PoC This repository contains a...

CVE-2024-36573

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

CVE-2024-36573

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

Microsoft Recall delayed after privacy and security concerns

Microsoft has announced it will postpone the broadly available preview of the heavily discussed Recall feature for Copilot+ PCs. Copilot+ PCs are personal computers that come equipped with several artificial intelligence (AI) features. The Recall feature tracks anything from web browsing to voice.....

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id...

Ubuntu: Security Advisory (USN-6818-3)

The remote host is missing an update for...

CVE-2024-36573

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

obx Prototype Pollution

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

Ubuntu: Security Advisory (USN-6821-4)

The remote host is missing an update for...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

Exploit for OS Command Injection in Php

CVE-2024-4577 In PHP when using Apache and PHP-CGI on...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

linux-nvidia-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

linux-azure, linux-azure-fde vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities

Summary: Best-Fit is a character mapping strategy designed to resolve the issue when characters in the source code page lack a direct equivalent in the target code page. During the conversion of characters from a Unicode code page to a non-Unicode code page, if a corresponding character cannot be.....

Exploit for CVE-2024-27956

CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection...

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

...

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems Details It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a...

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...