⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI loweri...

EUVD-2015-0790

Malware in sbrugna...

EUVD-2015-5318

Malware in sbrugna...

EUVD-2013-3830

Malware in sbrugna...

EUVD-2017-9192

Malware in sbrugna...

EUVD-2022-34836

Malicious code in bioql PyPI...

CVE-2024-38887

CVE-2024-38887 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663–24.0.1.2405. The issue allows a remote attacker to expand control over the operating system from the database by executing commands with unnecessary privileges. Impact is described as total compromise in the sour...

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 import os,base64,time systempth = "/usr/lib/...

CVE-2022-33923

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may...

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

Victorian Machinery Victorian Machinery is a proof of concept...

Exploit for OS Command Injection in Sophos Unified_Threat_Management

CVE-2020-25223 A PoC script for testing CVE-2020-2...

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. Memory corruption in the application allows an attacker to exploit the vulnerability to execute arbitrary code on the host OS...

CVE-2015-3214

The pitioportread in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index...

CVE-2013-1796

The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME operation, which allows guest OS users to cause a denial of service buffer overflow and host OS memory corruption or possibly have...

SINIT Buffer Overflow Vulnerability

Summary: Intel® Trusted Execution Technology SINIT Authenticated Code Modules ACMs are susceptible to a buffer overflow issue. Intel is providing updated SINIT ACMs to mitigate this issue and microcode updates to revoke vulnerable SINIT ACMs. Description: When Intel® Trusted Execution Technology...