GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities
.:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date: Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...
cvex
cvex A curated repository dedicated t...
Ubuntu 24.10 : rsync vulnerabilities (USN-7206-3)
The remote Ubuntu 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7206-3 advisory. USN-7206-1 fixed vulnerabilities in Ubuntu 14.04 LTS to Ubuntu 24.04 LTS. This update provides the corresponding updates for Ubuntu 24.10. Tenable has...
Fedora 40 : mediawiki (2025-11277f6779)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-11277f6779 advisory. https://lists.wikimedia.org/hyperkitty/list/wikitech- [email protected]/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/...
Fedora 41 : mediawiki (2025-25b16d6561)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-25b16d6561 advisory. https://lists.wikimedia.org/hyperkitty/list/wikitech- [email protected]/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
CVE-2024-50379-Exploit This repository provides a Python scri...
openSUSE 15 Security Update : gh (openSUSE-SU-2025:0021-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0021-1 advisory. - Update to version 2.65.0: Bump cli/go-gh for indirect security vulnerability Panic mustParseTrackingRef if format is incorrect Move trackingRef into pr...
OPENSUSE-SU-2025:0021-1 Security update for gh
This update for gh fixes the following issues: - Update to version 2.65.0: Bump cli/go-gh for indirect security vulnerability Panic mustParseTrackingRef if format is incorrect Move trackingRef into pr create package Make tryDetermineTrackingRef tests more respective of reality Rework...
SAP NetWeaver AS ABAP Privilege Escalation (3537476)
SAP NetWeaver Application Server for ABAP is affected by a privilege escalation vulnerability. SAP NetWeaver Application Server ABAP allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. O...
CVE-2024-57941
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or "Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the...
Scaling Dynamic Application Security Testing (DAST)
Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development...
MAL-2025-251 Malicious code in testing-in-reise (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7336c52cac589d1a566dcb47ec9914f98494234e4fb8d9c5b36832279776c67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frontend-testing-redefined (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a3ef574dfd16ebf3d9533ff76d09cb94946f1acc9fb1708fc6239061a77c88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
FreeBSD : electron31 -- multiple vulnerabilities (3161429b-3897-4593-84a0-b41ffbbfa36b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3161429b-3897-4593-84a0-b41ffbbfa36b advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
CVE-2024-57917 topology: Keep the cpumask unchanged when printing cpumap
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values 15 and 11 from vsnprintf"%pbl ", ... test:keyward is WARNING in kvasprintf WARNING: CPU:...
CVE-2024-57917
CVE-2024-57917 : In the Linux kernel, the cpumask may be modified during printing of cpumap, causing mismatched lengths in kvasprintf-based formatting. The fix caches the cpumask to a temporary variable before cpumap_print_{list, cpumask}_to_buf() to keep it unchanged during printing. Impact is p...