Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.9.0 release.

Red Hat Developer Hub 1.9.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

Adobe Framemaker Integer Overflow Vulnerability

Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. An integer underflow vulnerability exists in Adobe Framemaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary...

Adobe Framemaker Stack Buffer Overflow Vulnerability

Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A stack buffer overflow vulnerability exists in Adobe Framemaker 2020.8, 2022.6 and earlier versions. An attacker could exploit this vulnerability to cause a...

CVE-2024-22028

Thermal camera TMC series from 3R SOLUTION JAPAN is affected across all firmware versions due to insufficient technical documentation (CWE-1059). The documentation fails to describe network interface presence and internal storage of pictures/measurements, enabling physical access to reveal stored...

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. Work around:...

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. Work around: This issue requires the attacker to have authenticated access to...

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...

[SECURITY] Fedora 36 Update: golang-github-mmarkdown-mmark-2.2.10-6.fc36

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book mmark source, and I-D text output...

[SECURITY] Fedora 35 Update: golang-github-mmarkdown-mmark-2.2.10-5.fc35

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book mmark source, and I-D text output...

[SECURITY] Fedora 36 Update: golang-github-mmarkdown-mmark-2.2.10-5.fc36

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book mmark source, and I-D text output...

PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)

A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...

PAN-OS: Buffer overflow in the management web interface

A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Work around: This issue impacts the PAN-OS management web interface but you can mitigate the impact o...

PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload

An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the...

PAN-OS: OS command injection vulnerability in the management interface

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. Work around: This issue impacts the PAN-OS management interface but you can mitigate the impact of this issue by following best...

PAN-OS: OS command injection vulnerability in management interface certificate generator

An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. Work around: This issue affects t...

PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

PAN-OS: DOM-Based cross site scripting vulnerability in management web interface

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's...

PAN-OS: Buffer overflow in management server payload parser

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. Work around: This issue affects the management interface of PAN-OS and is strongly mitigated by following best...

PAN-OS: Authenticated user command injection vulnerability

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. Work around: This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing t...

PAN-OS: OS injection vulnerability in PAN-OS management server

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...