
7614 matches found

Cisco
added 2024/04/24 4:0 p.m. | 50 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...

6 CVSS | 6.6 AI score | 0.00138 EPSS
Exploits 1 | References 1

Akamai Blog
added 2024/04/23 1:0 p.m. | 10 views

How HTTP/2 Persistent Connections Help Improve Performance and User Experience

...

7.3 AI score
Exploits 0

RedHat Linux
added 2024/04/16 5:26 p.m. | 52 views

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5 CVSS | 7.1 AI score | 0.51662 EPSS
Exploits 4 | References 25

SUSE CVE
added 2024/04/15 11:12 p.m. | 2 views

SUSE CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

4.4 CVSS | 6.1 AI score | 0.0002 EPSS
Exploits 0 | References 18

0day.today
added 2024/04/15 12:0 a.m. | 249 views

Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting | Exploit Author: Eren Sen | Vendor: SAVSOFT QUIZ | Vendor Homepage: https://savsoftquiz.com | Software Link: https://savsoftquiz.com/web/index.php/online-demo/ | Version: 6.0 | CVE-ID: N/A | Tested on: Kali Linux / Windows 10...

7.4 AI score
Exploits 0

Exploit DB
added 2024/04/13 12:0 a.m. | 317 views

Savsoft Quiz v6.0 Enterprise - Stored XSS

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting | Date: 2024-01-03 | Exploit Author: Eren Sen | Vendor: SAVSOFT QUIZ | Vendor Homepage: https://savsoftquiz.com | Software Link: https://savsoftquiz.com/web/index.php/online-demo/ | Version: 6.0 | CVE-ID: N/A | Tested on: Kali Linux /...

7.4 AI score
Exploits 0

CNVD
added 2024/04/12 12:0 a.m. | 7 views

Fortinet FortiSandbox Path Traversal Vulnerability (CNVD-2024-21266)

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...

8.1 CVSS | 7.4 AI score | 0.01078 EPSS
Exploits 0 | References 1

RedHat Linux
added 2024/04/11 9:29 p.m. | 27 views

Moderate: Red Hat Security Advisory: VolSync 0.9.1 security fixes and enhancements

VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS | 6.7 AI score | 0.00393 EPSS
Exploits 0 | References 3

OSSF Malicious Packages
added 2024/04/10 5:55 a.m. | 4 views

Malicious code in @lbnqduy11805/psychic-waffle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0283930fe8d814ee74e54a0c5c9840cfb9db19835aeb82c67a360d39407e4132 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2024/04/10 5:55 a.m. | 4 views

Malicious code in @lbnqduy11805/stunning-fishstick (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b1698a95126b49cf4de64fe4eb7992fc33dc6fd9d81197fa0bc6ac1bece66f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

BDU FSTEC
added 2024/04/10 12:0 a.m. | 1 views

The vulnerability of microprogramming software for Intel Optane PMem 100 Series persistent memory modules, related to access segmentation deficiencies, allows attackers to exploit their privileges.

The vulnerability of microprogramming software for Intel Optane PMem 100 Series persistent memory modules is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.7 CVSS | 6.6 AI score | 0.00084 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/04/09 8:34 a.m. | 51 views

CVE-2023-50821

CVE-2023-50821 affects Siemens SIMATIC WinCC/PCS 7 products (various V9.1/V17/V18/V19/V7.5/V8.0 lines). The root cause is improper validation of input in the login dialog, described as a classic buffer overflow in some sources, enabling a local attacker to cause a persistent denial-of-service con...

6.9 CVSS | 6 AI score | 0.00051 EPSS
Exploits 0 | References 1

Cvelist
added 2024/04/09 8:34 a.m. | 10 views

CVE-2023-50821

A vulnerability has been identified in SIMATIC PCS 7 V9.1 All versions V9.1 SP2 UC04, SIMATIC WinCC Runtime Professional V17 All versions V17 Update 8, SIMATIC WinCC Runtime Professional V18 All versions V18 Update 4, SIMATIC WinCC Runtime Professional V19 All versions V19 Update 1, SIMATIC WinCC...

6.9 CVSS | 6.2 AI score | 0.00051 EPSS
Exploits 0 | References 1

CNNVD
added 2024/04/09 12:0 a.m. | 1 views

Fortinet FortiSandbox Path Traversal Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A path traversal vulnerability exists in Fortinet FortiSandbox, which stems fr...

6.7 CVSS | 7.4 AI score | 0.00138 EPSS
Exploits 0 | References 2

The Hacker News
added 2024/04/06 9:43 a.m. | 82 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1 CVSS | 8.3 AI score | 0.07195 EPSS
Exploits 0

OSV
added 2024/04/05 9:15 a.m. | 5 views

UBUNTU-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS | 6 AI score | 0.0002 EPSS
Exploits 0 | References 25

OSV
added 2024/04/05 8:24 a.m. | 2 views

CVE-2024-26813 vfio/platform: Create persistent IRQ handlers

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

5.5 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 0 | References 12

Vulnrichment
added 2024/04/04 5:52 p.m. | 13 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

4.8 CVSS | 5.6 AI score | 0.00195 EPSS
Exploits 0 | References 1

Cvelist
added 2024/04/04 5:52 p.m. | 16 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

4.8 CVSS | 5.5 AI score | 0.00195 EPSS
Exploits 0 | References 1

OSV
added 2024/03/31 6:32 p.m. | 36 views

BIT-ZOOKEEPER-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

5.3 CVSS | 5.3 AI score | 0.00019 EPSS
Exploits 0 | References 3