Search & Replace Security Vulnerabilities

Unbreakable Enterprise kernel security update

[4.1.12-124.84.2] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251327] {CVE-2024-1086} [4.1.12-124.84.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334311] - kobject: Fix slab-out-of-bounds in...

Intel PowerGadget 3.6 Local Privilege Escalation Vulnerability

...

Teleport: SSRF in region parameter that leads to AWS Teleport role AWS account takeover

You have an Integration page in Teleport where one of the options is AWS OIDC which will allow people in Teleport to add resources fluently without actually having initial access to these resources or installing any agents on them. You will need to have connected and ready OIDC integration with...

[SECURITY] Fedora 38 Update: suricata-6.0.17-1.fc38

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 39 Update: suricata-6.0.17-1.fc39

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

R2Frida - Radare2 And Frida Better Together

This is a self-contained plugin for radare2 that allows to instrument remote processes using frida. The radare project brings a complete toolchain for reverse engineering, providing well maintained functionalities and extend its features with other programming languages and tools. Frida is a...

SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP4) (SUSE-SU-2024:1063-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1063-1 advisory. An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect...

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 XZ-Utils Vulnerability Checker and Fixer...

Un-sanitized metric name or labels can be used to take over exported metrics

Impact In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-get(String.self, at: "lang") Counter ( label: "language", dimensions: [("lang", lang ?? "unknown" )] ) an attacker could make use of this and send a ?lang query...

Un-sanitized metric name or labels can be used to take over exported metrics

Impact In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-get(String.self, at: "lang") Counter ( label: "language", dimensions: [("lang", lang ?? "unknown" )] ) an attacker could make use of this and send a ?lang query...

[slackware-security] coreutils

New coreutils packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a...

Slackware: Security Advisory (SSA:2024-088-03)

The remote host is missing an update for...

Dell Security Management Server <1.9.0 - Local Privilege Escalation Exploit

...

SUSE SLES15 Security Update : kernel (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:1045-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1045-1 advisory. An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:1039-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1039-1 advisory. There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the...

Untrusted Search Path

PanelSwWix4.Sdk is vulnerable to Untrusted Search Path. The vulnerability is due to Burn's practice of copying binaries to the unprotected C:\Windows\Temp directory and running them from that unprotected location. This directory is not adequately protected against low privilege user modifications,....

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP5) (SUSE-SU-2024:1023-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1023-1 advisory. An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation...

Dell Security Management Server &lt;1.9.0 - Local Privilege Escalation

...

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:0995-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0995-1 advisory. An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation...

Dell Security Management Server Privilege Escalation

...

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:0986-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0986-1 advisory. An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation...

libreoffice security fix update

[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...

Security Bulletin: Vulnerability of okio-1.13.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE are vulnerable to okio-1.13.0.jar CVE-2023-3635. The workaround includes okio-1.13.0.jar upgraded to okio-3.5.0.jar . Vulnerability Details **...

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

It's pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of.....

Exploit for Out-of-bounds Write in Google Android

Fluoride Bluetooth stack Building and running on AOSP...

Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to....

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit

...

Sharepoint Dynamic Proxy Generator Remote Command Execution

...

Internet Bug Bounty: Path traversal by monkey-patching Buffer internals

Summary: In Node.js 20 and Node.js 21, the permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve().....

Path Traversal

getgrav/grav is vulnerable to Path Traversal. The vulnerability is due to missing .. sanitization of upload file paths, which allows an attacker to replace or create files with specific extensions such as .json, .zip, .css, .gif,...

Improper Privilege Management

Snowflake Hive MetaStore Connector is vulnerable to Improper Privilege Management. The vulnerability is caused due to improper content validation within the add_snowflake_hive_metastore_connector_script_action.sh script, allowing a malicious actor to replace the valid content with malicious code,.....

Craft CMS 4.4.14 Remote Code Execution

...

Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS

Description The plugin does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site...

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS

Description The plugin does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

...

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open the following HTML (replace FORM_ID with a valid ID): The security field isn't validated and the...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

Checkmk < 2.1.0p41, 2.2.x < 2.2.0p24, 2.3.x < 2.3.0b4 Multiple Privilege Escalation Vulnerabilities

Checkmk is prone to multiple privilege escalation ...

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

CVE-2024-27921 Grav File Upload Path Traversal vulnerability

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....