Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).
794244004a3908d9cf0034a1a70db151caa9281755a9275a47220eac8338d52fABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.
accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277bThis archive contains all of the 128 exploits added to Packet Storm in October, 2024.
c5d403957b806b59fb6166e8d1326d5963ba8bbcdb7a6478a93b1ba29c457234Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.
7663ad350ea4147d8c339e47d4e4c09f18b27dab1f732df508fa0ac88122a418Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.
e1d1c90f3bed32a3621cdec6499a0799dd3782078452bf7dc1d063ca25c1e2f0Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
6a9d3a1e4a4fbe85e4992cff08c3e238393e2444832e21faf50c67f89ed19bf6Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
ddf1e0bbd10d1ef692ad8303eb3ecdabeb9f0701fc3cf00afbec1c110f39b6a2SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.
c819a531ddac42276178e8777f908cca9b2430a5fef86c2ac4c3be219a2bd9e3SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
454076f23b89f57e45086d97afc09d37ad082fe918f4d6e98b97f0605eece69eUbuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
45049820bd4e0d7ebd34214af28ac0de01bc1555af2b52dcd9fceee216485cbbApple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
0dd01065224021561e127b177e2c1247b87c84d4c78ddb4a6c229ce1b1475210Red Hat Security Advisory 2024-8729-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
892ea6d1885a9c4a5fd9df199719bc81c7706b42115f8c0445600a83674d35feRed Hat Security Advisory 2024-8728-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
dcffc6dcf0a0828fcfb4d8fb6ad618b0bd9aecf0defd2dd77d1328627aa737abRed Hat Security Advisory 2024-8727-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
2f92d8a982d1250cbda8b06a268b4794e340c8705b5867a7aaff14e7a6d8a00dRed Hat Security Advisory 2024-8726-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
93f3e2a4112ced58b9c3cbdfe1d1fe4cef3b189e36b25c82e2dfd9004417b003Red Hat Security Advisory 2024-8725-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
f1f682088049da35eed59619974632a2d6cb13ac55b4925f134e9a48fb2d93e7Red Hat Security Advisory 2024-8724-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
330bc51b9bb432e7ddd876dccba1b9d135f5ba9d47cd1e04477ad61e05ebc573Red Hat Security Advisory 2024-8723-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
0c7bb3b6696f06060ce2409dec1cb1a60a1843a09dd118416287b8738a2748a4Red Hat Security Advisory 2024-8722-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
de7958e92ea46cc20aedc374ab8c5a9bf8531b25404f2dafd4055b3af0876da2Red Hat Security Advisory 2024-8721-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
117152477b45be16ad962165d5ad4e331674d8fb133bd5677bc073b487ceb082Red Hat Security Advisory 2024-8720-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.
4abc10777235f30c78096188f53828f632e679bbaeaf3c43cf93a04820c05178Red Hat Security Advisory 2024-8719-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.
ced91abff3a01fc30596af392dbc9492e4b32c12b735f0b59eca208c20102e10Red Hat Security Advisory 2024-8718-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a memory leak vulnerability.
b20a69134d03eb3f4ba3bf687e91fd29a7bcf7103f20bf92b861624eeae10f69Red Hat Security Advisory 2024-8717-03 - Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
12ea27fee07cf7b22eea1789d401da0f7e222d1902f2688c8d8dbc94a60bf833
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed