
2395 matches found

Redos
added 2024/08/15 12:0 a.m. · 15 views

ROS-20240815-11

Vulnerability of JDBC driver pgjdbc for connecting Java programs to PostgreSQL database is related to the creation of arbitrary files. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the integrity and confidentiality of the system. remotely to affect the...

9.8 CVSS · 7.3 AI score · 0.01277 EPSS
Exploits 0

Palo Alto Networks
added 2024/08/14 4:0 p.m. · 27 views

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

A privilege escalation PE vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. Work around: Ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative...

5.2 CVSS · 7.2 AI score · 0.00093 EPSS
Exploits 0 · References 1

NVD
added 2024/08/12 1:38 p.m. · 11 views

CVE-2024-6760

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which...

7.5 CVSS · 0.00249 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/08/11 2:40 a.m. · 12 views

CVE-2024-6760 ktrace(2) fails to detach when executing a setuid binary

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which...

6.8 AI score · 0.00249 EPSS
Exploits 0 · References 1

Fedora
added 2024/08/08 2:46 a.m. · 8 views

[SECURITY] Fedora 40 Update: orc-0.4.39-1.fc40

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic...

7 CVSS · 6.9 AI score · 0.00061 EPSS
Exploits 0

Tenable Nessus
added 2024/08/08 12:0 a.m. · 13 views

Yokogawa CENTUM Improper Access Control (CVE-2024-5650)

If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as...

8.5 CVSS · 5.7 AI score · 0.00174 EPSS
Exploits 0 · References 4

Redos
added 2024/08/07 12:0 a.m. · 14 views

ROS-20240807-07

Vulnerability in implementation of PreparedStatement.setText or PreparedStatement.setBytea methods of JDBC driver PgJDBC methods for connecting Java programs to a PostgreSQL database is related to unsafe temporary files. Exploitation of the vulnerability could allow an attacker to disclose...

10 CVSS · 8.1 AI score · 0.0035 EPSS
Exploits 1

Positive Technologies
added 2024/08/07 12:0 a.m. · 1 views

PT-2024-37854 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A logic bug in the code disables kernel tracing for setuid programs, allowing unprivileged users to trace and inspect the behavior of setuid programs. This bug may be used by an...

7.5 CVSS · 6.8 AI score · 0.00249 EPSS
Exploits 0 · References 9

FreeBSD
added 2024/08/07 12:0 a.m. · 11 views

FreeBSD -- ktrace(2) fails to detach when executing a setuid binary

Problem Description: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. Impact: The bug may be used by an unprivileged user to read the...

7.5 CVSS · 7.4 AI score · 0.00249 EPSS
Exploits 0

Malwarebytes
added 2024/07/29 3:24 p.m. · 8 views

US senators ask FTC to investigate car makers’ privacy practices

An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have...

7 AI score
Exploits 0

Tenable Nessus
added 2024/07/26 12:0 a.m. · 29 views

Mattermost < 5.8.0 (Windows / Unix) (MMSA-2024-00335)

The version of Mattermost installed on the remote host is prior to 5.8.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00335 advisory. - Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote...

6.1 CVSS · 5.8 AI score · 0.00332 EPSS
Exploits 0 · References 2

CISA
added 2024/07/25 12:0 p.m. · 3 views

FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity

Today, CISA—in partnership with the Federal Bureau of Investigation FBI—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organization...

6.8 AI score
Exploits 0 · References 4

ICS
added 2024/07/25 12:0 p.m. · 118 views

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...

10 CVSS · 10 AI score · 0.94461 EPSS
Exploits 1052 · References 114

OSV
added 2024/07/24 8:18 a.m. · 0 views

USN-6912-1 provd vulnerability

James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges...

8.8 CVSS · 5.8 AI score · 0.00067 EPSS
Exploits 1 · References 3

The Hacker News
added 2024/07/18 11:45 a.m. · 17 views

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven...

7.2 AI score
Exploits 0

Citrix
added 2024/07/13 12:0 a.m. · 3 views

Time Zone Database - XenMobile Reference

The TimeZone Tz database, also known as the IANA Time Zone Database, is a collaborative compilation of information about the world’s time. The TZ column in the attached table is the standard format intended to be used with computer programs and operating systems...

6.8 AI score
Exploits 0

Vulnrichment
added 2024/07/11 3:37 p.m. · 10 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8 CVSS · 7.5 AI score · 0.00227 EPSS
Exploits 0 · References 2

CVE
added 2024/07/11 3:37 p.m. · 38 views

CVE-2024-39904

VNote (note‑taking platform) before version 3.18.1 is affected by a code execution vulnerability that can be triggered via crafted notes containing local file references (for example, file:///C:/WINDOWS/system32/cmd.exe or calc.exe). The underlying issue is a local file path handling/URI embeddin...

8.8 CVSS · 8.7 AI score · 0.00227 EPSS
Exploits 0 · References 2

Cvelist
added 2024/07/11 3:37 p.m. · 11 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8 CVSS · 0.00227 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/07/10 12:0 a.m. · 19 views

Mattermost < 5.8.0 (macOS) (MMSA-2024-00335)

The version of Mattermost installed on the remote host is prior to 5.8.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00335 advisory. - Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote...

6.1 CVSS · 5.8 AI score · 0.00332 EPSS
Exploits 0 · References 2