Lucene search

137 matches found

Fedora
added 2024/06/05 1:41 a.m., 10 views

[SECURITY] Fedora 40 Update: kddockwidgets-1.7.0-10.fc40

Qt dock widget library written by KDAB, suitable for replacing QDockWidget and implementing advanced functionalities missing in Qt...

CVSS 9.8, AI score 6.5, EPSS 0.0097
Exploits: 0
RedHat Linux
added 2024/06/03 8:00 p.m., 1 view

keycloak: Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

CVSS 8.1, AI score 5.7, EPSS 0.02837
Exploits: 0, References: 5
Fedora
added 2024/06/02 3:39 a.m., 10 views

[SECURITY] Fedora 39 Update: ruff-0.3.7-2.fc39

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...

AI score 7.4
Exploits: 0
OpenVAS
added 2024/05/27 12:00 a.m., 7 views

Fedora: Security Advisory for rust-scx_rustland (FEDORA-2024-ce2936b568)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0, References: 2
NVD
added 2024/03/19 12:15 p.m., 11 views

CVE-2024-1144

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...

CVSS 6.5, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 1
Veracode
added 2024/02/03 3:06 a.m., 24 views

Privilege Escalation

firefox is vulnerable to Privilege Escalation. The vulnerability is caused due to insufficient access controls. This allows an attacker to access sensitive information, systems, or functionalities that should be restricted...

CVSS 8.8, AI score 6.5, EPSS 0.00633
Exploits: 0, References: 7, Affected Software: 3
NVD
added 2023/12/19 11:15 p.m., 21 views

CVE-2023-6929

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

CVSS 9.8, EPSS 0.00805
Exploits: 1, References: 1
Prion
added 2023/12/19 11:15 p.m., 17 views

Authorization

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...

CVSS 7.5, AI score 7.3, EPSS 0.00805
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2023/12/05 3:04 a.m., 66 views

CVE-2023-33071

CVE-2023-33071 affects Automotive OS where memory corruption occurs when untrusted applications access HAb for graphics functionalities. The incident is described across multiple feeds (NVD, Red Hat, CVE lists, and vendor summaries) as a memory corruption vulnerability in the Automotive OS graphi...

CVSS 8.4, AI score 8, EPSS 0.00139
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/12/05 3:04 a.m., 27 views

CVE-2023-33071 Improper Access Control in Automotive OS Platform Android

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities...

CVSS 8.4, AI score 8.7, EPSS 0.00139
Exploits: 0, References: 1
Kitploit
added 2023/10/09 11:30 a.m., 27 views

DakshSCRA - Source Code Review Assist

Daksh SCRA Source Code Review Assist tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...

AI score 7.5
Exploits: 0, References: 2
Prion
added 2023/09/21 2:15 p.m., 17 views

Design/Logic Flaw

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

CVSS 4.3, AI score 8.6, EPSS 0.0016
Exploits: 0, References: 1, Affected Software: 1
Code423n4
added 2023/09/07 12:00 a.m., 9 views

Lack of Oracle Price Validation in rUSDY

Lines of code Vulnerability details Summary Ondo's custom oracle, RWADynamicOracle, is responsible for delivering the price of USDY to the rUSDY token contract. The oracle is called in four different functions for the price of USDY; the results of which are also used in core functions in the toke...

AI score 6.7
Exploits: 0
The Hacker News
added 2023/09/05 12:19 p.m., 40 views

New Python Variant of Chaes Malware Targets Banking and Logistics Industries

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced...

AI score 6.6
Exploits: 0
0day.today
added 2023/08/21 12:00 a.m., 202 views

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) Vulnerability

Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100...

AI score 7.4
Exploits: 0
Prion
added 2023/07/25 8:15 a.m., 15 views

Design/Logic Flaw

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

CVSS 3.3, AI score 6.5, EPSS 0.00264
Exploits: 0, References: 1, Affected Software: 5
OSV
added 2023/06/27 6:21 p.m., 3 views

OPENSUSE-SU-2023:0157-1 Security update for keepass

This update for keepass fixes the following issues: Update to 2.54 Security: + Improved process memory protection of secure edit controls CVE-2023-32784, boo1211397. New Features: + Triggers, global URL overrides, password generator profiles and a few more settings are now stored in the enforced...

CVSS 7.5, AI score 7.5, EPSS 0.04655
Exploits: 5, References: 3
Cvelist
added 2023/06/08 12:00 a.m., 15 views

CVE-2023-33443

Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allows attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...

AI score 9.8, EPSS 0.03501
Exploits: 1, References: 1
0day.today
added 2023/05/31 12:00 a.m., 303 views

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation Vulnerability

Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...

CVSS 8.8, AI score 7.1, EPSS 0.00735
Exploits: 3
Huntr
added 2022/12/30 9:18 p.m., 28 views

Reseller role allowed to access to admin functionalities

Description The reseller user can access to some admin functionality just directly accessing to it by URL, even though the menu shouldn't allow it. Proof of Concept - Go to https://v2.demo.froxlor.org - Login as reseller1 - Point to: https://v2.demo.froxlor.org/adminopcacheinfo.php?page=showinfo...

CVSS 4, AI score 0.6, EPSS 0.00641
Exploits: 1, References: 1