Lucene search

8014 matches found

Positive Technologies
added 2023/11/28 12:0 a.m. · 3 views

PT-2023-31164 · Asana · Asana Desktop

Name of the Vulnerable Software and Affected Versions: Asana Desktop version 2.1.0 Description: The issue allows code injection due to specific Electron Fuses, with inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments. This can be...

7.8 CVSS · 7.7 AI score · 0.04333 EPSS
Exploits 0 · References 13
Github Security Blog
added 2023/11/27 5:25 p.m. · 26 views

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

8.2 AI score
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/11/27 5:25 p.m. · 65 views

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

8.2 AI score
Exploits 0 · References 2
Tenable Nessus
added 2023/11/24 12:0 a.m. · 31 views

GLSA-202311-03 : SQLite: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202311-03 (SQLite: Multiple Vulnerabilities) - An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. (CVE-2021-31239) - SQLite through 3.40.0, when relying o...

7.5 CVSS · 6.5 AI score · 0.0216 EPSS
Exploits 2 · References 5
Wordfence Blog
added 2023/11/23 8:29 p.m. · 155 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...

7.5 CVSS · 9 AI score · 0.73708 EPSS
Exploits 36
RedHat Linux
added 2023/11/21 11:26 a.m. · 50 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

7.5 CVSS · 7 AI score · 0.99999 EPSS
Exploits 19 · References 28
Veracode
added 2023/11/21 10:17 a.m. · 23 views

Information Disclosure

azurecli is vulnerable to Information Disclosure. The vulnerability exists due to sensitive information that's exposed in log files, allowing an attacker to recover plaintext passwords and usernames from log files...

8.6 CVSS · 9.2 AI score · 0.21542 EPSS
Exploits 0 · References 2 · Affected Software 1
Spring Security Advisories
added 2023/11/21 12:0 a.m. · 8 views

This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023

Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...

7.2 AI score
Exploits 0
Fedora
added 2023/11/17 1:10 a.m. · 30 views

[SECURITY] Fedora 37 Update: pack-0.32.0-1.fc37

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

7.5 CVSS · 7.2 AI score · 0.03796 EPSS
Exploits 0
CNVD
added 2023/11/17 12:0 a.m. · 19 views

Fortinet FortiADC Buffer Overflow Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when the application processes untrusted input. An attacker could exploit the vulnerability to execute arbitrary cod...

6.7 CVSS · 8.2 AI score · 0.00244 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/11/17 12:0 a.m. · 36 views

Amazon Linux 2 : docker (ALASECS-2023-028)

The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-028 advisory. A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted...

7.5 CVSS · 7.4 AI score · 0.02693 EPSS
Exploits 3 · References 8
OpenVAS
added 2023/11/17 12:0 a.m. · 14 views

Fedora: Security Advisory for pack (FEDORA-2023-5029b92850)

The remote host is missing an update for the...

7.5 CVSS · 8.2 AI score · 0.03796 EPSS
Exploits 0 · References 2
Ubuntu
added 2023/11/15 2:51 p.m. · 393 views

USN-6480-1: .NET vulnerabilities

Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558) Piotr Bazydlo discovered that .NET did not properly handle...

9.8 CVSS · 7.5 AI score · 0.12512 EPSS
Exploits 0
RedHat Linux
added 2023/11/15 7:24 a.m. · 67 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.2 packages and security update

Red Hat OpenShift Container Platform release 4.14.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

7.5 CVSS · 7.1 AI score · 0.99999 EPSS
Exploits 19 · References 10
NVD
added 2023/11/14 11:15 p.m. · 24 views

CVE-2023-45625

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS · 0.0181 EPSS
Exploits 0 · References 1
NVD
added 2023/11/14 11:15 p.m. · 12 views

CVE-2023-45621

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point...

7.5 CVSS · 0.0087 EPSS
Exploits 0 · References 1
NVD
added 2023/11/14 11:15 p.m. · 14 views

CVE-2023-45620

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point...

7.5 CVSS · 0.0087 EPSS
Exploits 0 · References 1
OSV
added 2023/11/14 11:15 p.m. · 1 views

CVE-2023-45615

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities resul...

9.8 CVSS · 6.8 AI score · 0.02132 EPSS
Exploits 0 · References 1
OSV
added 2023/11/14 11:15 p.m. · 1 views

CVE-2023-45614

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities resul...

9.8 CVSS · 6.8 AI score · 0.02132 EPSS
Exploits 0 · References 1
NVD
added 2023/11/14 11:15 p.m. · 12 views

CVE-2023-45614

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities resul...

9.8 CVSS · 0.02132 EPSS
Exploits 0 · References 1