11232 matches found
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.14.12 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845-6 CVE-2023-36845 and CVE-2023-36846 Juniper Jun...
Security Bulletin: IBM Event Streams is affected by a remote code execution vulnerability (CVE-2023-26136).
Summary: A Remote Code Execution (RCE) vulnerability in Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Vulnerability Detai...
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
...
WordPress Bricks Builder Theme <= 1.9.6 is vulnerable to Remote Code Execution (RCE)
Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.9.6; Fixed in: 1.9.6.1; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-25600; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: 58c6c492a8d0; Credits: Snicco; Required privilege...
sidekiq-unique-jobs UI server vulnerable to XSS & RCE in Redis
Cross-site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Details: Specially crafted URL query parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI allow a super-user attacker, or an unwitting, but...
February Fortinet Advisory: everything you need to know
Fortinet offers guidance to detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS and FortiProxy, including guidance that organizations should patch urgently...
Important: Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Rocky Linux 9 : php:8.1 (RLSA-2024:0387)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0387 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify function may accept some invalid Blowfish hashes as valid. If...
Fedora 38 : wordpress (2024-df1cdcb0de)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-df1cdcb0de advisory. WordPress 6.4.3 Maintenance and Security release See upstream announcement Security updates included in this release m4tuto for finding a PHP File Upload...
Fedora 39 : wordpress (2024-2b30739a76)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2b30739a76 advisory. WordPress 6.4.3 Maintenance and Security release See upstream announcement Security updates included in this release m4tuto for finding a PHP File Upload...
Metasploit Weekly Wrap-Up 02/09/2024
Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
WordPress NextMove Lite Plugin <= 2.17.0 is vulnerable to Remote Code Execution (RCE)
Software: NextMove Lite; Type: Plugin; Vulnerable versions: <= 2.17.0; Fixed in: 2.18.0; OWASP Top 10: A1: Broken Access Control; Classification: Remote Code Execution (RCE); CVE: CVE-2024-25092; Patch priority: High; CVSS severity: High (8.8); Developer: Claim ownership; PSID: 2181c91c736b; Credits: Yudistira Arya; Required...
TeamCity Server < 2023.11.3 Multiple Vulnerabilities
According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability (CVE-2024-23917) - Path traversal allowed...
Design/Logic Flaw
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload...
Exploit for Code Injection in Apache Commons_Text
Install maven - maven-linux https://www.digitalocean.com/c...
GHSA-C352-X843-GGPQ XXL-JOB vulnerable to Server-Side Request Forgery
xxl-job = 2.4.2 has a Server-Side Request Forgery (SSRF) vulnerability, which allows low-privileged users to control the executor, leading to RCE...