7411 matches found
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
Pen testing cruise ships
New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex...
Exploit for CVE-2024-34361
CVE-2024-34361 Pi-hole Remote Code Execution SSRF to RCE...
Fedora 40 : firmitas (2024-71ef04b872)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-71ef04b872 advisory. Cryptography v42 is the new thing. Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing. References...
Fedora 39 : firmitas (2024-139cdfb1fc)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-139cdfb1fc advisory. Cryptography v42 is the new thing. Please follow the steps provided here https://github.com/fedora-infra/firmitas/blob/main/README.md for testing. References...
Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my
Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleware, and more. java...
CLSA-2024-1719925589 openssl: Fix of 2 CVEs
CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: c_rehash: Fix file operations to prevent command injection - Update expired smime certificates - Add testing using old certificates sha1 to have both types of certificates sha1, sha256 checked...
kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be...
CBL Mariner 2.0 Security Update: iperf3 (CVE-2023-7250)
The version of iperf3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-7250 advisory. - A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or...
CVE-2024-39878
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection...
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 Automated Path Traversal & Local File Read...
CVE-2022-3857
...
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, specially designed for the Reconnaissance phase. And in...
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who...
MAL-2024-6115 Malicious code in testingiasdf1 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.ProjectionHаndling.Testing.Xuոit (NuGet)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4050 Malicious code in Be.Vlaanderen.Basisregisters.ProjectionHаndling.Testing.Xuոit (NuGet)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4051 Malicious code in Be.Vlaanderen.Basisregisters.ProjectiоոHаndling.Testing.Xuոit (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.ProjеctionHandling.Connеctor.Testing (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisregisters.ProjеctionHandling.Connеctor.Testіոg (NuGet)
--- -= Per source details. Do not edit below this line.=-...