4314 matches found
MS17-010 SMB Remote Code Execution Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 SMB RCE Detection', 'Description' = %q Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it...
SAMR Computer Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb/dcerpc/client' class MetasploitModule 'SAMR Computer Management', 'Description' = %q Add, lookup and delete computer / machine accounts via MS-SAMR. By...
General Electric D20 Password Recovery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...
PT-2024-32733
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue concerns the order of rate limits for ICMP messages in the Linux kernel. To avoid side-channel attacks, the per destination check needs to be applied first. The patch changes the orde...
SUSE CVE-2024-44941
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanitycheckextentcache+0x370/0x410 fs/f2fs/extentcache.c:46 Read of size 4 at addr ffff8880739ab220 by...
CVE-2024-8155
A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseControllertree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort...
Malicious code in oz-merkle-tree (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
MAL-2024-10100 Malicious code in oz-merkle-tree (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...
AZL-48150 CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
AZL-48162 CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
AZL-48154 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.2.9-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
DEBIAN-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
ALPINE-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
UBUNTU-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
SUSE CVE-2022-48877
In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extenttree is not created This patch avoids the below panic. pc : lookupextenttree+0xd8/0x760 lr : f2fsdowritedatapage+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27:...
SUSE CVE-2023-52902
In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in dommap error path The preallocation of the maple tree nodes may leak if the error path to "errorjustfree" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all err...
CVE-2023-52900
A vulnerability was found in the Linux kernel's nilfs2 file system where improper sanitization checks can result in a general protection fault caused by how the nilfsbtreeinsert function interprets a return value -ENOENT from the nilfsbtreegetblock function. This return value is used to indicate...
DEBIAN-CVE-2023-52902
In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in dommap error path The preallocation of the maple tree nodes may leak if the error path to "errorjustfree" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all err...
CVE-2023-52900
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...