A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access on the system. Depending on the privileges associated with the system, an attacker could then; view, change, or delete data.
Daily Archives: September 25, 2024
Multiple Vulnerabilities in Veeam Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution.
Veeam Backup & Replication is a proprietary backup app.Veeam ONE is a solution for managing virtual and data protection environments.Veeam Service Provider Console provides centralized monitoring and management capabilities for Veeam protected virtual, Microsoft 365, and public cloud workloads.Veeam Agent for Linux is a backup agent that’s designed Linux Instances.Veeam Backup for Nutanix.Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization.
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
WP Engine is banned from WordPress.org
Any WP Engine customers having trouble with their sites should contact WP Engine support and ask them to fix it.
I won’t bore you with the story of how WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community regarding their disabling and locking down a WordPress core feature in order to extract profit.
What I will tell you, that pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.
WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free.
The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, WP Engine will need to replicate that security research on their own.
Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?
WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it, with them getting all of the profits and providing all of the services.
If you want to experience WordPress, use any other host in the world besides WP Engine. WP Engine is not WordPress.
USN-7035-1: AppArmor vulnerability
It was discovered that the AppArmor policy compiler incorrectly generated
looser restrictions than expected for rules allowing mount operations. A
local attacker could possibly use this to bypass AppArmor restrictions in
applications where some mount operations were permitted.
znc-1.9.1-4.fc41 znc-clientbuffer-0-0.28.20190129git9766a4a.fc41 znc-push-2.0.0-10.20210311git4243934.fc41
FEDORA-2024-1c078a4771
Packages in this update:
znc-1.9.1-4.fc41
znc-clientbuffer-0-0.28.20190129git9766a4a.fc41
znc-push-2.0.0-10.20210311git4243934.fc41
Update description:
Fix CVE-2024-39844
pgadmin4-8.12-1.fc41
FEDORA-2024-4944ad2c87
Packages in this update:
pgadmin4-8.12-1.fc41
Update description:
Fix CVE-2024-9014.
pgadmin4-8.9-3.fc40
FEDORA-2024-126d22c121
Packages in this update:
pgadmin4-8.9-3.fc40
Update description:
Fix CVE-2024-9014.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
chromium-129.0.6668.70-1.fc39
FEDORA-2024-e60359f212
Packages in this update:
chromium-129.0.6668.70-1.fc39
Update description:
Update to 129.0.6668.70
* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia
chromium-129.0.6668.70-1.el9
FEDORA-EPEL-2024-89511748af
Packages in this update:
chromium-129.0.6668.70-1.el9
Update description:
Update to 129.0.6668.70
* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia