1915 matches found

Exploit DB
added 2024/06/26 12:00 a.m., 334 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS); Date: 20-06-2024; Exploit Author: Jerry Thomas w3bn00b3r; Vendor Homepage: https://automad.org; Software Link: https://github.com/marcantondahmen/automad; Category: Web Application Flat File CMS; Version: 2.0.0-alpha.4; Tested on:...

7.4 AI score
Exploits: 0
Rockylinux
added 2024/06/14 1:59 p.m., 18 views

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Cockpit enables users to administer GNU/Linux servers using a web browser. It...

7.3 CVSS, 7.3 AI score, 0.00031 EPSS
Exploits: 0
OSV
added 2024/06/14 1:59 p.m., 18 views

RLSA-2024:3667 Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3 CVSS, 7.4 AI score, 0.00031 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2024/06/12 12:00 a.m., 14 views

RHEL 9 : cockpit (RHSA-2024:3843)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3843 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

7.3 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits: 0, References: 5
OSV
added 2024/06/11 12:00 a.m., 12 views

ALSA-2024:3843 Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3 CVSS, 7.2 AI score, 0.00031 EPSS
Exploits: 0, References: 4
OSV
added 2024/06/07 6:32 p.m., 11 views

GHSA-8H4M-R4WM-XJ7R TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

8.8 CVSS, 7.1 AI score
Exploits: 0, References: 5
Github Security Blog
added 2024/06/07 6:32 p.m., 10 views

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

7.1 AI score
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2024/06/06 8:49 a.m., 360 views

Moderate: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.3 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits: 0, References: 2
OSV
added 2024/06/06 12:00 a.m., 14 views

ALSA-2024:3667 Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3 CVSS, 7.4 AI score, 0.00031 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2024/06/06 12:00 a.m., 43 views

RHEL 8 : cockpit (RHSA-2024:3667)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3667 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

7.3 CVSS, 7.4 AI score, 0.00031 EPSS
Exploits: 0, References: 5
AlmaLinux
added 2024/06/06 12:00 a.m., 20 views

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3 CVSS, 7.5 AI score, 0.00031 EPSS
Exploits: 0, References: 4
OSV
added 2024/05/30 4:13 p.m., 9 views

GHSA-F9HR-7CFQ-MJG2 TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

8.8 CVSS, 7.1 AI score
Exploits: 0, References: 5
Github Security Blog
added 2024/05/30 4:13 p.m., 10 views

TYPO3 Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability. Derivatives of...

7.1 AI score
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2024/05/27 9:56 a.m., 25 views

CVE-2021-47549

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl. When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to...

5.6 CVSS, 6.5 AI score, 0.00018 EPSS
Exploits: 0, References: 4
NVD
added 2024/05/24 3:15 p.m., 10 views

CVE-2021-47549

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl. When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to...

7.8 CVSS, 6.4 AI score, 0.00018 EPSS
Exploits: 0, References: 8
UbuntuCve
added 2024/05/24 3:15 p.m., 16 views

CVE-2021-47549

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl. When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to...

7.8 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits: 0, References: 10
CVE
added 2024/05/24 3:09 p.m., 3377 views

CVE-2021-47549

CVE-2021-47549 affects the Linux kernel via the sata_fsl driver. The documented issue is a use-after-free (UAF) in sata_fsl_port_stop triggered during rmmod sata_fsl.ko on PPC64 GNU/Linux, where after port_stop is invoked, an ioread32 on hcr_base leads to a kernel OOPS and potential memory access...

7.8 CVSS, 6.6 AI score, 0.00018 EPSS
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2024/05/24 3:09 p.m., 23 views

CVE-2021-47549 sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl. When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to...

6.4 AI score, 0.00018 EPSS
Exploits: 0, References: 8
Vulnrichment
added 2024/05/24 3:09 p.m., 13 views

CVE-2021-47549 sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl

In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl. When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to...

6.8 AI score, 0.00018 EPSS
Exploits: 0, References: 8
Redos
added 2024/04/23 12:00 a.m., 26 views

ROS-20240423-03

Vulnerability in the /krb5/src/lib/rpc/pmap_rmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in component...

7.5 CVSS, 6.6 AI score, 0.0025 EPSS
Exploits: 3