14823 matches found
Exploit for Embedded Malicious Code in Tukaani Xz
Good evening, I would like to inform you about a critical secur...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 vul check tools This vulnerability allows an at...
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as...
[SECURITY] Fedora 38 Update: podman-tui-1.0.0-1.fc38
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
[SECURITY] Fedora 39 Update: podman-tui-1.0.0-1.fc39
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
[SECURITY] Fedora 40 Update: podman-tui-1.0.0-1.fc40
podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)
Binary data xzutilsbackdoorcve-2024-3094.nbin...
PT-2024-2451
Name of the Vulnerable Software and Affected Versions XZ Utils versions 5.6.0 through 5.6.1 Description Malicious code was discovered in the upstream tarballs of XZ Utils. Through complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift Builds 1.0.1
An update is now available for Red Hat OpenShift Builds 1.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Siklu MultiHaul TG Series Credential Disclosure
Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
CVE-2024-26303
Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon...
CVE-2024-26303
CVE-2024-26303 describes an authenticated denial-of-service against the ArubaOS-Switch SSH Daemon. The vulnerability is triggered by an attacker with high privileges over the network, with no user interaction, causing an impact to availability (CVSSv3.1 base score 4.9, MEDIUM). Affected component...
CVE-2024-29735
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler
Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...
CVE-2024-29735
CVE-2024-29735 affects Apache Airflow (versions 2.8.2–2.8.3) due to the local file task handler incorrectly setting permissions on parent folders of the log directory, potentially granting group write access. The issue can impact log storage paths, and, if the home directory becomes group-writabl...