CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

PT-2024-28959 · Nuclei · Nuclei

Name of the Vulnerable Software and Affected Versions: Nuclei versions prior to 3.3.0 Description: A way to execute code templates without the -code option and signature has been discovered in Nuclei. This issue affects some web applications that inherit from Nuclei and allow users to edit and...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

Rocky Linux 8 : grub2 (RLSA-2024:3184)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3184 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution...

GO-2024-2645 Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei

Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...

RHEL 8 : grub2 (RHSA-2024:3184)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3184 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

Improper Certificate Validation

osxcollector is vulnerable to Improper Certificate Validation. The vulnerability is due to incomplete inspection of Universal/fat binaries, which allows malicious code to appear as if it is signed by Apple, leading to the execution of unsigned code...

ALSA-2024:2456 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

Arbitrary Code Execution

github.com/projectdiscovery/nuclei is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation of signed workflows within the parseWorkflowTemplate function in workflows.go, which allows the execution of unsigned code templates through workflows...

Cisco Unified IP Phones 7900 Series Unsigned Code Installation (CVE-2011-1637)

Cisco Unified IP Phones 7900 devices aka TNP phones with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962. This plugin only works with Tenable.ot. Please visit...

CVE-2024-27920

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

CVE-2024-27920

The CVE covers projectdiscovery/nuclei where unsigned code templates could be executed via workflows in Nuclei v3. root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...

CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

Nuclei allows unsigned code template execution through workflows

Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...

GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows

Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...

Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution

...

SUSE-SU-2023:4141-1 Security update for grub2

This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. bsc1215935 - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. bsc1215936 Oth...