2330 matches found

GithubExploit
added 2024/06/18 12:30 p.m. · 664 views

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

7.8 CVSS · 7.8 AI score · 0.06995 EPSS
Exploits: 17
GithubExploit
added 2024/06/18 12:30 p.m. · 289 views

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

7.8 CVSS · 7.8 AI score · 0.06995 EPSS
Exploits: 17
Veracode
added 2024/06/17 8:22 a.m. · 10 views

Unauthorized Access

SilverStripe is vulnerable to Unauthorized Access. The vulnerability is due to failure to restrict access via the URL parameters isDev and isTest with debugging tools intended only for development "dev mode", which allows unauthenticated users to expose sensitive debugging information typically...

6.8 AI score
Exploits: 0
OSV
added 2024/06/15 12:00 a.m. · 19 views

OPENSUSE-SU-2024:10128-1 kernel-debug-4.8.13-1.1 on GA media

These are all security issues fixed in the kernel-debug-4.8.13-1.1 package on the GA media of openSUSE Tumbleweed...

10 CVSS · 8.2 AI score · 0.93929 EPSS
Exploits: 226 · References: 82
CNNVD
added 2024/06/14 12:00 a.m. · 1 view

Mattermost Desktop App Security Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App version 5.7.0 and earlier, which stems from an inability to disable certain Electron debugging flags, which allows bypassing TCC restrictions...

3.8 CVSS · 6.8 AI score · 0.00028 EPSS
Exploits: 0 · References: 2
NVD
added 2024/06/13 9:15 p.m. · 12 views

CVE-2024-32912

there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 0.0005 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/06/13 9:02 p.m. · 13 views

CVE-2024-32912

there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0005 EPSS
Exploits: 0 · References: 1
OSV
added 2024/06/13 4:09 p.m. · 14 views

CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

7.9 CVSS · 7.3 AI score · 0.00049 EPSS
Exploits: 0 · References: 9
Positive Technologies
added 2024/06/08 12:00 a.m. · 3 views

PT-2024-36843 · WordPress · Cf7 Google Sheets Connector

Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9 Description: The issue is related to a missing capability check on the execute post data cg7 free function, allowing unauthenticated attackers to modify dat...

6.5 CVSS · 6.7 AI score · 0.00325 EPSS
Exploits: 0 · References: 12
OSV
added 2024/06/07 8:35 p.m. · 10 views

GHSA-X2F4-8WXF-W3VF ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations

The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue and quoteValueList, allow users to manually quote values for creating SQL statements; these are in turn consumed by...

8.8 CVSS · 7.7 AI score
Exploits: 0 · References: 9
Github Security Blog
added 2024/06/07 8:35 p.m. · 8 views

ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations

The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue and quoteValueList, allow users to manually quote values for creating SQL statements; these are in turn consumed by...

7.7 AI score
Exploits: 0 · References: 9 · Affected Software: 1
Veeam
added 2024/06/07 12:00 a.m. · 17 views

Debugging Backups with Longhorn CSI

Challenge: Veeam Kasten for Kubernetes backup job that doesn't complete while using Longhorn CSI drivers is never-ending even after the proper installation of CSI snapshotter components and controllers. No errors are noticed generally for this issue. The job waits for the volumesnapshot object in...

6.7 AI score
Exploits: 0
SUSE CVE
added 2024/06/04 12:14 p.m. · 1 view

SUSE CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until busresetwork has serviced and cleared the...

5.5 CVSS · 6.1 AI score · 0.00016 EPSS
Exploits: 0 · References: 23
The Hacker News
added 2024/06/04 11:07 a.m. · 7 views

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to initia...

7.4 AI score
Exploits: 0
GithubExploit
added 2024/06/03 11:53 p.m. · 876 views

Exploit for CVE-2024-2961

Testing CVE-2024-2961 V1 - Under Analysis This repository c...

7.3 CVSS · 7.6 AI score · 0.91924 EPSS
Exploits: 16
RedHat Linux
added 2024/05/31 3:48 p.m. · 36 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

7.8 CVSS · 7 AI score · 0.85264 EPSS
Exploits: 15 · References: 3
CNNVD
added 2024/05/30 12:00 a.m. · 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from freeing all hot-region debugging memory when removing regions, resulting in portions of memory that will be...

5.5 CVSS · 6.8 AI score · 0.00031 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/05/28 12:00 a.m. · 1 view

AutomationDirect P3-550E Security Vulnerability

The AutomationDirect P3-550E is a programmable control system PLC from AutomationDirect USA. A security vulnerability exists in AutomationDirect P3-550E version 1.2.10.9, which stems from the presence of a residual debugging code vulnerability that could allow an attacker to send specially crafte...

9.8 CVSS · 6.6 AI score · 0.01002 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/27 10:02 p.m. · 6 views

GHSA-55QG-6C4M-MW6G silverstripe/framework's URL parameters `isDev` and `isTest` unguarded

The URL parameters isDev and isTest are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors including backtraces and other debugging tool...

6.5 CVSS · 6.9 AI score
Exploits: 0 · References: 4
OpenVAS
added 2024/05/27 12:00 a.m. · 10 views

Fedora: Security Advisory (FEDORA-2024-60627905b6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.5 AI score · 0.00144 EPSS
Exploits: 0 · References: 4