
4135 matches found

Tenable Nessus
added 2024/05/17 12:0 a.m. · 15 views

GitLab 12.2 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13275)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: a user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1 (CVE-2020-13275). Note that Nessus has not tested for this issue but...

CVSS 8.1 · AI score 7.7 · EPSS 0.01043
Exploits: 0 · References: 4
Citrix
added 2024/05/15 12:0 a.m. · 9 views

Imported Citrix Policy lists Delivery Group names from source site in the policy filter

If Citrix Policies are exported from a site and imported to a different site, the export carries Delivery Groups from the source site in the Assign Policy filter. Command to export & import policy: Export-BrokerDesktopPolicy | Out-File -FilePath C:\Temp\PolicyExport.txt Import-BrokerDesktopPolicy Get-Conte...

AI score 6.9
Exploits: 0
Wired Threat Level
added 2024/05/14 4:16 p.m. · 20 views

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is...

AI score 7.3
Exploits: 0
CNNVD
added 2024/05/14 12:0 a.m. · 3 views

Web-School ERP SQL Injection Vulnerability

Web-School ERP is an ERP application from Web-School India. A SQL injection vulnerability exists in Web-School ERP version 1.0, originating in the groupsid, examname, classesid, esvoucherid, esclass, etc. parameters on the...

CVSS 9.8 · AI score 7.9 · EPSS 0.00737
Exploits: 0 · References: 3
The Hacker News
added 2024/05/03 12:35 p.m. · 13 views

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

AI score 7.7
Exploits: 0
Positive Technologies
added 2024/05/01 12:0 a.m. · 3 views

PT-2024-24463 · Logint · Logint Lomag Inventory Management

Name of the Vulnerable Software and Affected Versions: LOGINT LoMag Inventory Management versions 1.0.20.120 and before Description: The issue allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop, and frmSettings components. This is a SQL Injection...

CVSS 8.1 · AI score 8.2 · EPSS 0.0087
Exploits: 4 · References: 3
RedHat Linux
added 2024/04/30 9:57 a.m. · 1 views

kernel: virtio_vdpa: build affinity masks conditionally

A flaw was found in the Linux kernel's virtio vDPA driver. When the number of device queues exceeds the number of CPUs, the create_affinity_masks function triggers a kernel warning in group_cpus_evenly. This occurs because the affinity logic assumes CPUs are not fewer than queue groups, which doesn't...

AI score 5.8 · EPSS 0.00167
Exploits: 0 · References: 5
WPVulnDB
added 2024/04/29 12:0 a.m. · 18 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...

CVSS 8.8 · AI score 6.7 · EPSS 0.00448
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2024/04/28 12:0 a.m. · 35 views

RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8.2 · AI score 6.8 · EPSS 0.02513
Exploits: 7 · References: 31
Tenable Nessus
added 2024/04/28 12:0 a.m. · 32 views

RHEL 8 : OpenShift Serverless Client kn 1.29.0 (Moderate) (RHSA-2023:3450)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3450 advisory. Red Hat OpenShift Serverless Client kn 1.29.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.0. The kn CLI is delivered a...

CVSS 9.8 · AI score 7.1 · EPSS 0.04561
Exploits: 1 · References: 24
OSV
added 2024/04/26 8:5 p.m. · 12 views

GO-2024-2744 Access control change may take longer than expected in github.com/authelia/authelia/v4

If the file authentication backend is being used, the ewatch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to...

AI score 7.2
Exploits: 0 · References: 2
The Hacker News
added 2024/04/22 11:5 a.m. · 64 views

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE)...

CVSS 9.1 · AI score 9.7 · EPSS 0.99999
Exploits: 23
CVE
added 2024/04/18 9:55 p.m. · 337 views

CVE-2024-32473

CVE-2024-32473 affects Moby (Docker Engine/related tooling). In 26.0.0 IPv6 was not disabled on interfaces, including those with --ipv6=false, allowing containers with ipvlan/macvlan to access local networks via IPv6, potentially receive SLAAC addresses, or join IPv6 multicast groups, increasing ...

CVSS 6.5 · AI score 4.2 · EPSS 0.0035
Exploits: 0 · References: 2 · Affected Software: 1
SUSE CVE
added 2024/04/18 2:30 a.m. · 1 views

SUSE CVE-2024-26837

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...

CVSS 3.3 · AI score 6.1 · EPSS 0.00166
Exploits: 0 · References: 13
RedhatCVE
added 2024/04/17 5:30 p.m. · 33 views

CVE-2024-26837

A flaw was found in the Linux kernel. A race condition in network bridge management could lead to a denial of service...

CVSS 5.5 · AI score 8 · EPSS 0.00166
Exploits: 0 · References: 4
OSV
added 2024/04/17 10:15 a.m. · 3 views

AZL-59442 CVE-2024-26837 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...

CVSS 4.7 · AI score 6.8 · EPSS 0.00166
Exploits: 0 · References: 1
Vulnrichment
added 2024/04/17 10:10 a.m. · 24 views

CVE-2024-26837 net: bridge: switchdev: Skip MDB replays of deferred events on offload

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...

AI score 6.7 · EPSS 0.00166
Exploits: 0 · References: 4
CVE
added 2024/04/17 10:10 a.m. · 190 views

CVE-2024-26837

CVE-2024-26837 affects the Linux kernel MDB offload replay handling. A race between generating the replay list and new MDB memberships could cause duplicates of a single event, leaving hardware-mounted memberships orphaned on bridge destruction. The fix guards MDB replay against deferred events ...

CVSS 4.7 · AI score 6.4 · EPSS 0.00166
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/04/17 10:10 a.m. · 6 views

CVE-2024-26837 net: bridge: switchdev: Skip MDB replays of deferred events on offload

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...

CVSS 4.7 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 7
WPVulnDB
added 2024/04/16 12:0 a.m. · 12 views

ProfileGrid < 5.7.9 - Cross-Site Request Forgery

Description: The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.8. This is due to missing or incorrect nonce validation in the admin/partials/add-group.php file. This makes it possible for unauthenticated attackers to delete group...

CVSS 8.8 · AI score 6.4 · EPSS 0.00227
Exploits: 0 · References: 1 · Affected Software: 1