Two security issues have been discovered in FastNetMon, a fast DDoS
analyzer: Malformed Netflow/sFlow traffic could result in denial of
service.
DSA-5836-1 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in privilege escalation, denial of service or
information leaks.
DSA-5835-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-54479
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-54502
Brendon Tiszka discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-54505
Gary Kwong discovered that processing maliciously crafted web
content may lead to memory corruption.
CVE-2024-54508
linjy, chluo and Xiangwei Zhang discovered that processing
maliciously crafted web content may lead to an unexpected process
crash.
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9
Packages in this update:
openjpeg2-2.5.3-1.fc40
Update description:
Update to openjpeg-2.5.3
Fix 2 heap-buffer-overflows
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b
Packages in this update:
libxml2-2.12.9-1.fc40
Update description:
Update to 2.12.9
Fixes CVE-2024-40896
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12
Packages in this update:
libxml2-2.12.9-1.fc41
Update description:
Update to 2.12.9
Fixes CVE-2024-40896.
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a
Packages in this update:
iwd-3.3-1.fc40
libell-0.71-1.fc40
Update description:
iwd 3.3:
Fix issue with handling External Authentication.
iwd 3.2:
Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.
ell 0.71:
Fix issue with GCC 15 and -std=c23 build errors.
ell 0.70:
Add support for helper function for safe memcpy.
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09
Packages in this update:
iwd-3.3-1.fc41
libell-0.71-1.fc41
Update description:
iwd 3.3:
Fix issue with handling External Authentication.
iwd 3.2:
Fix issue with GCC 15 and -std=c23 build errors.
Add support for using PMKSA over SAE if available.
Add support for HighUtilization/StationCount thresholds.
Add support for disabling Multicast RX option.
ell 0.71:
Fix issue with GCC 15 and -std=c23 build errors.
ell 0.70:
Add support for helper function for safe memcpy.
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source web application framework used for developing Java web applications. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have fewer rights on the system could be less impacted than those that operate with administrative user rights.
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21
CyberDanube Security Research 20241219-0
-------------------------------------------------------------------------------
title              | Authenticated Remote Code Execution
product            | Ewon Flexy 205
vulnerable version | <= v14.8s0 (#2633)
fixed version      | -
CVE number         | CVE-2024-9154
impact             | High
homepage           | https://www.hms-networks.com/
found              | 2024-09-03…