Category Archives: Advisories

xen-4.18.3-2.fc40

FEDORA-2024-051cf1553e

Packages in this update:

xen-4.18.3-2.fc40

Update description:

x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]

USN-7031-2: Puma vulnerability

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.

USN-7031-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.

USN-7030-1: py7zr vulnerability

It was discovered that py7zr was vulnerable to path traversal attacks.
If a user or automated system were tricked into extracting a specially
crafted 7z archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host.

CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204

Posted by Thomas Weber via Fulldisclosure on Sep 23

CyberDanube Security Research 20240919-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Netman 204
vulnerable version| 4.05
fixed version| –
CVE number| CVE-2024-8877, CVE-2024-8878
impact| High
homepage| https://www.riello-ups.com/
found| 2024-05-17
by| D….

Submit Exploit CVE-2024-42831

Posted by arfaoui haythem on Sep 23

# Exploit Title: Reflected XSS in Elaine’s Realtime CRM Automation v6.18.17
# Date: 09/2024
# Exploit Author: Haythem Arfaoui (CBTW Team)
# Vendor Homepage: https://www.elaine.io/
# Software Link:
https://www.elaine.io/en/products/elaine-marketing-automation/
# Version: 6.18.17 and below
# Tested on: Windows, Linux
# CVE : CVE-2024-42831

# Description
A reflected cross-site scripting (XSS) vulnerability in Elaine’s Realtime
CRM…
