CVE-2024-52867

Summary: CVE-2024-52867 affects GNU Guix, specifically the guix-daemon prior to 5ab3c4c. Local users can escalate privileges because build outputs may be accessible before file metadata concerns for setuid/setgid programs are addressed. Affected component: guix-daemon (GNU Guix) before the refere...

kernel: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

CVE-2024-51745

Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...

CVE-2024-51745

Wasmtime on Windows had a sandbox bypass where filenames with superscript digits (e.g., COM¹, LPT⁰) were not blocked, allowing untrusted Wasm code with filesystem access to reach devices and peripherals via special device filenames. Affected software: Wasmtime’s Windows filesystem sandbox. Root c...

CVE-2024-51745

Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...

PT-2024-33683

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises from the way SuiteCRM checks PHP scripts against a blacklist of functions and methods to prevent the installation of malicious MLPs. However, thi...

RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2018:1254)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1254 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

OMRON Sysmac Studio 安全漏洞

Omron Sysmac Studio is a unique environment from Omron Japan that integrates logic, motion and drives, robotics, safety, visualization, sensing, and information technology into a single project, thereby reducing the learning curve and intraoperative software costs. A security vulnerability exists...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

...

CVE-2024-49888 bpf: Fix a sdiv overflow issue

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error: Oops: divide error: 0000 1 PREEMPT SMP KASAN PTI The failure is due to the below signed divide:...

Denial of Service

This report is not public...

CVE-2024-21231

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

Vivo Fibra Askey RTF8225VW Command Execution

--- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to the sh shell on the Vivo Fibra modem. This method essentially involves terminating the aspsh shell and invoking sh using the output of cat /dev/null. Using the pipe | is crucial for this...

K000141393: Containerd vulnerability CVE-2021-41103

Security Advisory Description containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux...

kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernelconnect function, it can return a value that causes the cxtcpsetupsocket function to loop. This issue can lead to continuous data writing to the...

kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

A flaw was found in the Linux kernel's bpf programs. Under certain conditions, when the kernel attempts to initiate a network connection using the kernelconnect function, it can return a value that causes the cxtcpsetupsocket function to loop. This issue can lead to continuous data writing to the...

FreeBSD : FreeBSD -- ktrace(2) fails to detach when executing a setuid binary (8fb61d94-771b-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8fb61d94-771b-11ef-9a62-002590c1f29c advisory. A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not...

ROS-20240815-11

Vulnerability of JDBC driver pgjdbc for connecting Java programs to PostgreSQL database is related to the creation of arbitrary files. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the integrity and confidentiality of the system. remotely to affect the...

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

A privilege escalation PE vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. Work around: Ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative...