Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
08b4e847d08dda831c59a07de21c73b00e7633dffb2b64b53231e10e1582e374Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.
0aa128553cbd5a516cc713b76e3dc3f366da8678b4aba8459dee773880a5c164ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability.
1214b8dd5cc3e41afef6bf3970934bdc17fe4f69cdd2f486c163cc06c6903f65Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227This is a proof of concept exploit for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow versions 5.x, before 5.1.6 Build 114.
2a8afe7aeb8387754a5e1093b278c99cf0daa3ee2f0907df1d3ea9383e5f2a54Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.
9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355bThis Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.
68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87Apple Security Advisory 03-12-2024-1 - GarageBand 10.4.11 addresses code execution and use-after-free vulnerabilities.
cf1feda0632734f3eac97a03cb231aca57c5c2445e35cdacbbac27e26d43b080Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.
bb37d3d885c05665df5e0348f90e65516bd9024d109db00efe75183960a1ab40StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.
9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
75dbd070cadb95c190fb2c3e720880078476efddd8b02e812bc1c594dfa6e86fApple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
6df43170bd5fc352fd321acd5fe231d753158fd667fcbe6941a1ccefd16eb11aApple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
6d34d98987ed9e7f5bc383bd22eb781faef984e2518dc2398e1701abcb1cdd3bApple Security Advisory 03-07-2024-3 - macOS Ventura 13.6.5 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
a73a9b93cfdd3db0327dd1d8307d169f4dba16169f4b090abd5020a3d9a70efeApple Security Advisory 03-07-2024-2 - macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
29c509ba93a9dc40af758aca80410a21c8239c2a3c115bac3d2acd0e1e6deea5JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability.
e1c264f19102d105794de4c6c20eaafe22944b48d40bf81b679d6529f26dcffbHoneywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.
af3705248c7122eb4d11be4c13209b3526cbee77ed228747c3f55800ef9fb1efViessmann Vitogate 300 versions 2.1.3.0 and below suffers from a remote code execution vulnerability.
86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766aRuijie Switch version PSG-5124 with software build 26293 suffers from a remote code execution vulnerability.
31f3b0a900318bec9de9a1e9f67d893c6b3f4c63a3437484a3559c375ebb2fa0Karaf version 4.4.3 suffers from a remote code execution vulnerability.
2f400975f659ce2b1411ab5f0648a7b24fbc5ff13c60a27cd18e2461d40bfd86OSGi versions 3.7.2 and below suffer from a remote code execution vulnerability.
b58312b3c9ef3414d27ca17e2db9d015ffcd0263ed95cd4c31a69f65fd99f59dOSGi versions 3.8 through 3.18 suffer from a remote code execution vulnerability.
f497ebf8b35afe62aa891bf6ce65680f2ac452e845456b06776d98729a31b50dNumbas versions prior to 7.3 suffer from a remote code execution vulnerability.
e0195e7e21a5182d8c8267f498108059037a2956810cf1cbc5880c33a370d809Sitecore version 8.2 suffers from a remote code execution vulnerability.
bb3d70849315ed8ba0c15b23acace7c5306c6747aad0652046ed829b77617644
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed