11233 matches found
Fedora 38 : GitPython (2023-1ec4e542f9)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
TOTOLINK X5000R Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X5000R version B20210419, which stems from a remote code execution (RCE) vulnerability in the setTracerouteCfg interface...
CVE-2023-39618
TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface...
CVE-2023-39618
CVE-2023-39618 affects TOTOLINK X5000R with firmware B20210419, exposing a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. The issue enables an attacker to potentially execute arbitrary code with network access, contributing to high impact on confidentiality, integri...
Exploit for CVE-2023-38646
Metabase is an open source business intelligence tool...
CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into...
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Impact: Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation...
Metasploit Weekly Wrap-Up
Meterpreter Testing: This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...
Exploit for Improper Input Validation in Ivanti Avalanche
CVE-2023-32560 Ivanti Avala...
CVE-2023-20209
The CVE-2023-20209 issue affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) where authenticated, read-write users can trigger a command injection via the web-based management interface. Concrete exploitation path: crafted inputs bypass validation in the PHP fr...
PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.9 advisory. - In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state ...
Ford says it’s safe to drive its cars with a WiFi vulnerability
Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...
Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: .NET 7.0 security, bug fix, and enhancement update
An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: rh-dotnet60-dotnet security, bug fix, and enhancement update
An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Malicious code in false-positive-reddit-rce (npm)
Source: ossf-package-analysis (18d0061817c889d31df1f475a5cb984705a83ac9e8117ef32c2429696d73ca20). The OpenSSF Package Analysis project identified 'false-positive-reddit-rce' @ 0.0.2 (npm) as malicious. It is considered malicious because: - The...