7762 matches found
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
ROS-20240910-05
Vulnerability in the Nomad application orchestrator related to the ability to write outside of the catalog distribution during migration. Exploitation of the vulnerability could allow a remote attacker to impact the confidentiality, integrity, and availability of the...
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Impact: Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...
DRUPAL-CONTRIB-2024-038
Open Social is a Drupal distribution for online communities. The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not...
Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038
Open Social is a Drupal distribution for online communities. The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not...
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.
The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...
Debian dsa-5764 : libcrypto3-udeb - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5764 advisory. Debian Security Advisory DSA-5764-1 https://www.debian.org/security/...
Sentry Switched CDU Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...
The vulnerability of the Dovecot mail server, which involves unlimited resource distribution, allows a hacker to perform a denial-of-service attack.
The vulnerability of the Dovecot mail server is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to perform a denial-of-service attack...
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool...
CVE-2023-45896
ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length val...
[SECURITY] [DSA 5757-1] chromium security update
Debian Security Advisory DSA-5757-1 https://www.debian.org/security/ Andres Salomon August 23, 2024 https://www.debian.org/security/faq ...
GO-2022-1164 csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution
csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution...
RLSA-2024:5532 Important: python3.11-setuptools security update
Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software...
[SECURITY] [DSA 5751-1] squid security update
Debian Security Advisory DSA-5751-1 https://www.debian.org/security/ Moritz Muehlenhoff August 19, 2024 https://www.debian.org/security/faq ...
Important: Red Hat Security Advisory: python-setuptools security update
An update for python-setuptools is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools...
Important: python3.12-setuptools security update
Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software...
CVE-2024-42305 ext4: check dot and dotdot of dx_root before making dir indexed
In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports an issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D...