Lucene search

7647 matches found

CVE
added 2024/08/23 12:0 a.m. · 71 views

CVE-2024-40111

CVE-2024-40111 describes a stored XSS in Automad 2.0.0-alpha.4. The vulnerability lets an attacker inject JavaScript into the template body which is saved by the flat-file CMS and executed in the browser of any user visiting the page (e.g., forum). Practical impact stated across sources includes ...

4.8 CVSS · 5.3 AI score · 0.00769 EPSS
Exploits 2 · References 2 · Affected Software 1
The Hacker News
added 2024/08/22 4:13 p.m. · 37 views

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...

6.7 CVSS · 8.2 AI score · 0.04271 EPSS
Exploits 1
Vulnrichment
added 2024/08/22 3:21 p.m. · 9 views

CVE-2023-6452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Web Security Transaction Viewer allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It h...

9.6 CVSS · 6 AI score · 0.00396 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 4 views

PT-2024-30556 · Khoj · Khoj

Name of the Vulnerable Software and Affected Versions: Khoj versions prior to 1.15.0. Description: The Automation feature in Khoj allows users to insert arbitrary HTML inside task instructions, resulting in a Stored XSS. The q parameter for the "/api/automation" endpoint does not get correctly...

5.4 CVSS · 6.5 AI score · 0.00519 EPSS
Exploits 1 · References 10
RedHat Linux
added 2024/08/19 7:41 a.m. · 23 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.1 bug fix and security update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba...

9.8 CVSS · 6.8 AI score · 0.01952 EPSS
Exploits 0 · References 19
OSV
added 2024/08/15 7:15 p.m. · 1 views

DEBIAN-CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10 CVSS · 8 AI score · 0.01283 EPSS
Exploits 1 · References 1
OSV
added 2024/08/15 7:15 p.m. · 1 views

ALPINE-CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10 CVSS · 6.7 AI score · 0.01283 EPSS
Exploits 1 · References 1
OSV
added 2024/08/15 7:15 p.m. · 1 views

UBUNTU-CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10 CVSS · 7 AI score · 0.01283 EPSS
Exploits 1 · References 5
SUSE CVE
added 2024/08/15 1:55 a.m. · 2 views

SUSE CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

8.4 CVSS · 6.7 AI score · 0.01283 EPSS
Exploits 1 · References 9
CNNVD
added 2024/08/15 12:0 a.m. · 2 views

Flatpak Security Vulnerability

Flatpak is an open source system for building, distributing and running sandboxed desktop applications on Linux. A security vulnerability exists in Flatpak versions prior to 1.14.0 and 1.15.10, which stems from the fact that an application using a persistent directory may access and write ...

10 CVSS · 8.3 AI score · 0.01283 EPSS
Exploits 1 · References 14
Debian
added 2024/08/14 8:46 p.m. · 5 views

[SECURITY] [DSA 5749-1] flatpak security update

Debian Security Advisory DSA-5749-1 · https://www.debian.org/security/ · Salvatore Bonaccorso · August 14, 2024 · https://www.debian.org/security/faq ...

10 CVSS · 6.3 AI score · 0.01283 EPSS
Exploits 1
Positive Technologies
added 2024/08/14 12:0 a.m. · 4 views

PT-2024-5878

Name of the Vulnerable Software and Affected Versions: Flatpak versions prior to 1.14.0 and 1.15.10. Description: The issue is related to how Flatpak handles persistent directories, allowing a malicious or compromised Flatpak app to access and write files outside of its intended sandbox. This is...

10 CVSS · 8.6 AI score · 0.01283 EPSS
Exploits 2 · References 113
Amazon
added 2024/08/13 12:0 a.m. · 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627). In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop (CVE-2022-49993). In the...

7.8 CVSS · 7 AI score · 0.00907 EPSS
Exploits 0
Amazon
added 2024/08/13 12:0 a.m. · 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the...

8.8 CVSS · 6.6 AI score · 0.00907 EPSS
Exploits 0
NVD
added 2024/08/12 7:15 p.m. · 8 views

CVE-2024-40893

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various...

6.8 CVSS · 0.01551 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/08/12 6:49 p.m. · 14 views

CVE-2024-40893 Firewalla BTLE Authenticated Command Injection

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various...

6.8 CVSS · 7.6 AI score · 0.01551 EPSS
Exploits 1 · References 2
Cvelist
added 2024/08/09 12:0 a.m. · 18 views

CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...

0.00789 EPSS
Exploits 0 · References 1
Talos Blog
added 2024/08/08 6:0 p.m. · 11 views

The top stories coming out of the Black Hat cybersecurity conference

Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...

7.2 AI score
Exploits 0
Packet Storm
added 2024/08/08 12:0 a.m. · 577 views

Open WebUI 0.1.105 Persistent Cross Site Scripting

KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...

6.3 CVSS · 7.1 AI score · 0.0062 EPSS
Exploits 3
OSSF Malicious Packages
added 2024/08/07 11:58 p.m. · 3 views

Malicious code in syf-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aaf53164384bcbeeceafc8ee843317d9daac2a3f5fe99a0692b9f572f3fead3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1