Malicious code in false-positive-reddit-rce (npm)
Source: ossf-package-analysis 18d0061817c889d31df1f475a5cb984705a83ac9e8117ef32c2429696d73ca20. The OpenSSF Package Analysis project identified 'false-positive-reddit-rce' @ 0.0.2 (npm) as malicious. It is considered malicious because: - The...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...
Media from FTP < 11.17 - Author+ Arbitrary File Access
Description: The plugin does not properly limit who can use it, which may allow users with Author+ privileges to move files around, such as wp-config.php, which may lead to RCE in some cases. In 11.16 the manage_options capability was used; however, this is still insufficient in the case of MultiSite...
ALSA-2023:4643 Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...
Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...
Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...
RHEL 9 : .NET 7.0 (RHSA-2023:4642)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4642 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
RHEL 8 : .NET 7.0 (RHSA-2023:4643)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4643 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
ALSA-2023:4642 Important: .NET 7.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...
RHEL 7 : rh-dotnet60-dotnet (RHSA-2023:4641)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4641 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
ALSA-2023:4645 Important: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...
RHEL 9 : .NET 6.0 (RHSA-2023:4644)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4644 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
New Python URL Parsing Flaw Could Enable Command Execution Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. "urlparse has a parsing problem when the...
Fedora 38 : php (2023-984c26961f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-984c26961f advisory. PHP version 8.2.9, 03 Aug 2023. Build: Fixed bug GH-11522 (PHP version check fails with '-' separator). SVGAnimate CLI: Fix interrupted CLI output causi...
Metasploit weekly wrap-up
New module content. 1. Metabase Setup Token RCE. Authors: Maxwell Garrett, Shubham Shah, and h00die. Type: Exploit. Pull request: 18232, contributed by h00die. Path: exploits/linux/http/metabasesetuptokenrce. AttackerKB reference: CVE-2023-38646. Description: This adds a module for an unauthenticated RCE...
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...
CVE-2023-3824
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE...