CVE-2024-26703 tracing/timerlat: Move hrtimer_init to timerlat_fd open()
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Move hrtimer_init to timerlat_fd open() Currently, the timerlat's hrtimer is initialized at the first read of timerlat_fd, and destroyed at close. It works, but it causes an error if the user program open and close t...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2024-582)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-582 advisory. Affected versions of this package are vulnerable to Denial of Service (DoS) when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1
CVE-2024-0450 affecting package python3 for versions less than 3.9.19-1. A patched version of the package is available...
CVE-2023-40217 affecting package python3 for versions less than 3.9.19-1
CVE-2023-40217 affecting package python3 for versions less than 3.9.19-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-6597 affecting package python3 for versions less than 3.9.19-1
CVE-2023-6597 affecting package python3 for versions less than 3.9.19-1. An upgraded version of the package is available that resolves this issue...
Updated python3, python packages fix security vulnerabilities
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...
Siklu MultiHaul TG Series Credential Disclosure
Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...
RouterOS 6.44 / 6.49.10 Denial Of Service
Exploit Title: CVE-2024-27686: RouterOS-SMB-DOS Google Dork: N/A Date: 03/04/2024 Exploit Author: ice-wzl, Solstice Cyber Solutions Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download/archive Version: RouterOS devices ranging from 6.40.5 - 6.44 and 6.48.1 - 6.49.10...
Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure
Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...
Exploit for Path Traversal in Grafana
Bring up the lab with docker compose...
Exploit for NULL Pointer Dereference in Treasuredata Fluent_Bit
CVE-2024-23722-poc Usage python3 exploit.py http://127...
Important Photon OS Security Update - PHSA-2024-5.0-0231
Updates of 'bluez', 'python3-cryptography' packages of Photon OS have been released...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228-POC exploit CVE-2021-44228 download nuclei...
Updated python python3 packages fix security vulnerabilities
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
Debian: Security Advisory (DLA-3768-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes
This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunneling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1434)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 2.11.1 : python3 (EulerOS-SA-2024-1406)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1406)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...