Ubuntu Security Notice 7130-1 - It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server.
Red Hat Security Advisory 2024-10219-03 - An update for the perl-App-cpanminus:1.7044 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10218-03 - An update for perl-App-cpanminus is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10208-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2024-10207-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Issues addressed include code execution, denial of service, deserialization, server-side request forgery, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2024-9915-03 - An update for gnome-shell is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
Red Hat Security Advisory 2024-9806-03 - Red Hat build of Apache Camel 4.4.4 for Spring Boot release and security update is now available. Issues addressed include a code execution vulnerability.
Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 address code execution vulnerabilities.
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 address code execution vulnerabilities.
Red Hat Security Advisory 2024-9646-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 11-19-2024-2 - visionOS 2.1.1 addresses code execution vulnerabilities.
Red Hat Security Advisory 2024-9638-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-9636-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 11-19-2024-1 - Safari 18.1.1 addresses code execution vulnerabilities.
Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.
Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions, and execute arbitrary commands on the host. At the time of this writing, no patch has been released, and version 0.74, released Nov 6, 2022, is the latest version of js2py. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. Pyload is an open-source download manager designed to automate file downloads from various online sources. It is vulnerable because it exposes the js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost, but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.
Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.
Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.
SOPlanning version 1.52.01 authenticated remote code execution exploit.
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.