CVE-2024-4889
CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 Vulnerability Overview ⚠️Note! Please do not c...
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger. Overview: Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins and apply necessary...
The vulnerability in the smc_chan_free() function in the drivers/firmware/arm_scmi/smc.c module of the ARM System Control and Management Interface (SCMI) implementation of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the smc_chan_free() function in the drivers/firmware/arm_scmi/smc.c module, which is part of the ARM System Control and Management Interface (SCMI) implementation in the Linux operating system, is a double free: memory that has already been freed is freed again. Exploiting this vulnerability...
The vulnerability in the scmi_perf_domain_remove() function in the drivers/pmdomain/arm/scmi_perf_domain.c driver of the System Control and Management Interface (SCMI) subsystem of the Linux kernel allows a malicious actor to cause a denial of service.
The vulnerability in the scmi_perf_domain_remove() function in the drivers/pmdomain/arm/scmi_perf_domain.c file of the System Control and Management Interface (SCMI) driver for the Linux operating system stems from a null pointer dereference. Exploiting this vulnerability could allow an attacker ...
CVE-2024-34070
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging feature of the Froxlor application. An unauthenticated user can inject malicious scripts in the loginname parameter on t...
CVE-2024-29207
An Improper Certificate Validation vulnerability could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application Version 3.7.9 and earlier; UniFi Connect EV Station Version 1.1.18 and earlier; UniFi Connect EV Station Pro Version 1.1.18...
webkitgtk: Processing web content may lead to arbitrary code execution
A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems...
DEBIAN-CVE-2022-48655
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains. Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations i...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds violation when the SCMI driver misbehaves...
Oracle Releases Critical Patch Update Advisory for April 2024
Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following...
AZL-55971 CVE-2024-26893 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path. When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same...
CVE-2024-29454
CVE-2024-29454 is rejected/not used; this candidate was withdrawn and does not represent an active vulnerability entry.
Apple Released Security Updates for Safari and macOS
Apple released security updates to address a vulnerability CVE-2024-1580 in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...
UBUNTU-CVE-2023-52608
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency. On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a...
CVE-2024-25951
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system...
Dell iDRAC8 Security Vulnerability
The Dell iDRAC8 is a controller from Dell, Inc. It provides comprehensive, embedded management and automation capabilities across the PowerEdge family of servers. A security vulnerability exists in Dell iDRAC8 versions prior to 2.85.85.85. An attacker could exploit this vulnerability to...
IBM Security Verify Access Trust Management Issues Vulnerability
IBM Security Verify Access is a service from International Business Machines (IBM) that improves user access security. A trust management issue vulnerability exists in IBM Security Verify Access, which a remote attacker can exploit by submitting a specially crafted request to gain unauthorized control t...