Mageia: Security Advisory (MGASA-2024-0394)
The remote host is missing an update for the ... (Greenbone NASL header: SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only) if(description)...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 CVE-2023-50564 is an RCE vulnerability in Pluc...
Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...
CVE-2024-56337 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...
Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation
[email protected] reports: Time-of-check Time-of-use (TOCTOU) Race Condition. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case-insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may...
CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case-insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case-insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...
CVE-2024-50379
CVE-2024-50379 is a TOCTOU race condition in JSP compilation on Apache Tomcat that can lead to RCE when the default servlet is writable on case-insensitive file systems. Affected lines include Tomcat 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97 (also some older EOL versions). The issu...
Apache Tomcat 9.0.0.M1 < 9.0.98 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.98. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.98_security-9 advisory. - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat...
CVE-2024-55085
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE...
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change...
Malicious code in vscode-reh-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 645c7a216c974ca0e1e77bbdfbbd3659bf3ea42e681d987c858de32c8f3bcc34 The OpenSSF Package Analysis project identified 'vscode-reh-rce' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-11801 Malicious code in vscode-reh-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 645c7a216c974ca0e1e77bbdfbbd3659bf3ea42e681d987c858de32c8f3bcc34 The OpenSSF Package Analysis project identified 'vscode-reh-rce' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in yir-image-gen-asana-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 050cc0b4f55e2e2b44e9eaeb0b6b269c8eab27bb007239d6fc7cb318e55f475d The OpenSSF Package Analysis project identified 'yir-image-gen-asana-rce' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-11800 Malicious code in yir-image-gen-asana-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 050cc0b4f55e2e2b44e9eaeb0b6b269c8eab27bb007239d6fc7cb318e55f475d The OpenSSF Package Analysis project identified 'yir-image-gen-asana-rce' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
ruby security update
3.0.7-163 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: rbhz2322153 3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves:...
ruby:3.1 security update
ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary...
Fortinet FortiManager Unauthenticated RCE
This module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are: 7.6.0; 7.4.0 through 7.4.4; 7.2.0 through 7.2.7; 7.0.0 through 7.0.12; 6.4.0 through 6.4.14...