UBUNTU-CVE-2024-35836
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...
CVE-2024-35836
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...
Malicious code in discord-datas (npm)
Source: ghsa-malware cdc0b10c3c3f41706cb302d6e6b02afb133f5baa93c16a2b34c6f32a6a242c22 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS Family:...
Malicious code in @content-platform/fadam-module (npm)
Source: ghsa-malware 38b39e3ee36cc6bc7c45845d588a859e0f041b0ecbc3caaebd1ff022e1fe7132 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Drupal-Wiki 8.31 / 8.30 Cross Site Scripting
secuvera-SA-2024-02: Multiple Persistent Cross-Site Scripting (XSS) flaws in Drupal-Wiki. Affected Products: Drupal Wiki 8.31, Drupal Wiki 8.30 (older releases have not been tested). References: https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt used...
CVE-2023-32173
The CVE-2023-32173 entry concerns Unified Automation UaGateway: a DoS flaw in the AddServer method where crafted arguments can inject invalid characters into an XML configuration file. The impact is a persistent denial-of-service condition, with network exposure and required authentication when t...
CVE-2023-32173 Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645...
CVE-2024-4337
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...
CVE-2024-4336
Adive Framework 2.0.8 does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user...
unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...
GHSA-5X96-J797-5QQW Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...
How HTTP/2 Persistent Connections Help Improve Performance and User Experience
...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update
OpenShift API for Data Protection (OADP) 1.3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE CVE-2024-26813
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...
Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...
Savsoft Quiz v6.0 Enterprise - Stored XSS
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...
Fortinet FortiSandbox Path Traversal Vulnerability (CNVD-2024-21266)
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a path traversal vulnerability that can be...