Christopher L. Shannon discovered that the implementation of the OpenWire
protocol in Apache ActiveMQ was susceptible to the execution of
arbitrary code.
Category Archives: Advisories
python-single-version-1.6.0-1.fc40
FEDORA-2024-e82145eb25
Packages in this update:
python-single-version-1.6.0-1.fc40
Update description:
Initial import
SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG – vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24
SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
fixed version: 4.5.6.0
CVE number: CVE-2024-6049
impact: high
homepage:…
[RESEARCH] DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations
Posted by Sandro Gauci via Fulldisclosure on Oct 24
Dear Full Disclosure community,
We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.
White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf
Key points:
1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…
Adversary3 updated with 700 malware and C2 panel vulnerabilities
Posted by malvuln on Oct 24
Adversary3 malware vulnerability intel tool for third-party attackers
living off malware (LOM), updated with 700 malware and C2 panel
vulnerabilities
https://github.com/malvuln/Adversary3
Thanks,
malvuln
DSA-5797-1 twisted – security update
Multiple security issues were found in Twisted, an event-based framework
for internet applications, which could result in incorrect ordering of
HTTP requests or cross-site scripting.
DSA-5796-1 libheif – security update
Multiple security issues were found in libheif, a library to parse HEIF
and AVIF files, which could result in denial of service or potentially
the execution of arbitrary code.
mysql8.0-8.0.40-1.fc41
FEDORA-2024-9bef6cc6d4
Packages in this update:
mysql8.0-8.0.40-1.fc41
Update description:
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
mysql8.0-8.0.40-1.fc40
FEDORA-2024-0c1c9227e5
Packages in this update:
mysql8.0-8.0.40-1.fc40
Update description:
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
buildah-1.37.5-1.fc40 podman-5.2.5-2.fc40
FEDORA-2024-054752ae69
Packages in this update:
buildah-1.37.5-1.fc40
podman-5.2.5-2.fc40
Update description:
Fixes CVE-2024-9341, CVE-2024-9407, CVE-2024-9675 and CVE-2024-9676.