To keep them current, these news items are mostly in English. If necessary, please use the translation function.
Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash,[…]
This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below[…]
Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in[…]
Red Hat Security Advisory 2024-6784-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-6785-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary[…]
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list[…]
This Metasploit module uses a path traversal vulnerability in Ruby on Rails versions 5.2.2 and below to read files on a target server.
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.
This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible[…]
Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
Red Hat Security Advisory 2024-8102-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-8105-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4[…]
Ubuntu Security Notice 7015-4 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that[…]
Debian Linux Security Advisory 5791-1 - Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a[…]
Red Hat Security Advisory 2024-7785-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.
Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_direct directive or incorrect logging.
Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly[…]
This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter, which allows a malicious actor to load an arbitrary file path.
This Metasploit module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the secID parameter, it is possible to read a file outside the www directory.
This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used[…]
This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function[…]
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker[…]
This Metasploit module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin password. Due to a lack of authentication on the webctrl.cgi script, unauthenticated attackers can recover the administrator password for these devices. The vulnerable device has reached[…]
This Metasploit module abuses a directory traversal in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. This Metasploit module has been tested successfully on the Sophos Web Virtual Appliance v3.7.0.
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By[…]
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication,[…]
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to[…]
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php[…]
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to[…]
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying[…]
ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple[…]
A cross site scripting vulnerability in pfsense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
Red Hat Security Advisory 2024-8700-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-9017-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6[…]
Red Hat Security Advisory 2024-9018-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9019-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9015-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4[…]
Red Hat Security Advisory 2024-9016-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8690-03 - Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-8694-03 - Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-8977-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise[…]
Red Hat Security Advisory 2024-8935-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog. This move provides a wider variety of important Security topics,[…]
Red Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key. This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Last week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA. Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show. Here is a sneak peek at[…]
Google has announced that on April 30, 2018, Chrome will: “...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases. PCI-DSS requires that all[…]
It is a tale as old as time. Developers and security personnel view each other with suspicion. The perception is that a vast gulf of understanding and ability lies between the two camps. “They can’t possibly understand what it is to do my job!”[…]
Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Today, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Debian Linux Security Advisory 5806-1 - A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
Debian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. For additional information please refer to https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/
Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati[…]
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44244
Debian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the
Debian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5798-1 - Christopher L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.
Debian Linux Security Advisory 5799-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Debian Linux Security Advisory 5797-1 - Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Christopher L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.
Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.
Ubuntu Security Notice 6882-2 - USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated[…]
Ubuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were[…]
Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial[…]
Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial[…]
Ubuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.
Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were[…]
Ubuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123[…]
Ubuntu Security Notice 7083-1 - It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially[…]
Ubuntu Security Notice 7089-2 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial[…]
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows a local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID[…]
GNOME Files version 43.4 (nautilus) on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges.
This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation.[…]
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Fedora with Gnome has an issue where it is not using fscaps safely.
netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]