Red Hat Security Advisory 2024-4502-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
a94afecca63f546aec9181f9000dce8011dd5339615a7f14e45bbc62f97ba524
Red Hat Security Advisory 2024-4501-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
0c596bbbcb5a1088f0e5ce2a90379eee58d1c211e895b0db0ee63e2d7a8b2f52
Red Hat Security Advisory 2024-4500-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.
56413b8610dc0dad2e8551fbf4bc7cda8c9684fcd1a2d5c6ea4b52069b5818e3
Red Hat Security Advisory 2024-4326-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
f806911ed87b07a4e916c87e592f8bee2e424c9b36bb8d5171f6f3a67cd2c837
Red Hat Security Advisory 2024-2106-03 - An update is now available for Red Hat build of Quarkus.
d210e27e70cd09638d510743a91f2b8bd003b40bde80b11351858951d4ce96bc
WordPress PZ Frontend Manager plugin versions 1.0.5 and below suffer from a cross site request forgery vulnerability in the change user profile picture functionality.
71b1a540c9b3265fc977fa30c1fda5b93cf9333b67a049926eee9138c3fa55c1
Havoc C2 version 0.7 suffers from an unauthenticated server-side request forgery vulnerability.
230b2481f9d45d3d95942d6366c578a7c8ca2b796c5c8c16549416644fe40531
Atlassian Confluence suffers from a template injection vulnerability that leads to remote code execution. This repository has three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk.
efe9acf218872fcb2aaad8260c6fdae6e0f538f783ac6624c299f3a0e4254f94
Ubuntu Security Notice 6896-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
23031a0845782c0666fea9cf551de81c3f62aa5f01672ed9481d97357d4ec438
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
eb3189e905bc36ecd2fc5d02a5e9ced5c23c59fc1c76baa032f550292bf26979
Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
13204fe1d646093191f86b432d013bd53e9fab0b9ef81134435e8e12af260d6a
Ubuntu Security Notice 6864-3 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system.
3afccd52c60657160f5c19fffd7c6f30cfc9f572eb40fadf161cb1114d83f29a
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
09a87e1b0ca03b35feb4d66d7489813a4fc3939cea0c49c3c31bf9e7662b2f1f
Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c921ec1fdc787bcf1c8e45327ee5c68db46fe1646615a3ebdea7f0e104640d54
Ubuntu Security Notice 6894-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.
49657c9f208951940a5882e6ed621f3a8835ab9be322277e1a813b58651c0404
Ubuntu Security Notice 6888-2 - USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service.
8a338c088c8fff298fd87665108b1cf592bf62ff0ad1865965cfb6584411d929
Red Hat Security Advisory 2024-4522-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.
28ccebccb98bb155f87c657d443cb16c764f5f569081626bd914c8726a5e92bd
Red Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.
fb8c217f13f0cfcb7a0aa7331a8cdc3487e937065e0608d656d8b145b5eef50d
Red Hat Security Advisory 2024-4329-03 - Red Hat OpenShift Container Platform release 4.14.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a bypass vulnerability.
f265e789ea629c567733fc7ed753006ebc39965d9df2ea89d231a26bfc7c883a
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
5ec6028df29068d889c98489bf194a884b00831106fea1e921fea3c65f2003f5
This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.
44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.
62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp
6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786
LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.
507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35