Posted by malvuln on Jun 23

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Plugx
Vulnerability: Insecure Permissions
Family: Plugx
Type: PE32
MD5: eeb631127f1b9fb3d13d209d8e675634
SHA256: c2804080c3f45e8232b3e955611f56c9ba513a7845ddad56a588c4191d139990
Vuln ID: MVID-2024-0686
Disclosure: 06/17/2024…

Read More

Posted by SBA Research Security Advisory via Fulldisclosure on Jun 23

# Paradox IP150 Internet Module Cross-Site Request Forgery #

Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery

## Vulnerability Overview ##

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to
Cross-Site Request Forgery (CSRF) attacks due to
a lack of countermeasures and the use of the HTTP method `GET` to introduce
changes in the system.

* **Identifier**…

Read More

The update for composer released as DSA 5715 introduced a regression
in the handling of git feature branches. Updated composer packages
are now available to address this issue.

https://security-tracker.debian.org/tracker/DSA-5715-2

Read More

FEDORA-EPEL-2024-28e58f443c

Packages in this update:

python-PyMySQL-0.9.3-2.el7

Update description:

Security fix for CVE-2024-36039

Read More

FEDORA-2024-07c9cfd337

Packages in this update:

libreswan-4.15-1.fc39

Update description:

Update to 4.15 for CVE-2024-3652

Read More

FEDORA-2024-919bc7e512

Packages in this update:

mingw-gstreamer1-1.22.9-1.fc39
mingw-gstreamer1-plugins-bad-free-1.22.9-1.fc39
mingw-gstreamer1-plugins-base-1.22.9-2.fc39
mingw-gstreamer1-plugins-good-1.22.9-1.fc39

Update description:

Update to gstreamer-1.22.9.

Backport fix for CVE-2024-0444.

Read More

FEDORA-2024-1e6c22e83f

Packages in this update:

mingw-gstreamer1-plugins-bad-free-1.22.7-2.fc39

Update description:

Backport fix for CVE-2024-0444.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-2003.

Read More

FEDORA-2024-05a6ab143e

Packages in this update:

libreswan-4.15-1.fc40

Update description:

Update to 4.15 for CVE-2024-3652

Read More

FEDORA-2024-342c3cc98f

Packages in this update:

libreswan-4.15-2.fc41

Update description:

Automatic update for libreswan-4.15-2.fc41.

Changelog

* Sat Jun 22 2024 Paul Wouters <paul.wouters@aiven.io> – 4.15-2
– Add libreswan-4.15-ipsec_import.patch
* Sat Jun 22 2024 Paul Wouters <paul.wouters@aiven.io> – 4.15-1
– Update libreswan to 4.15 for CVE-2024-3652
– Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
responder can crash and restart
– Allow “ipsec import” to try importing PKCS#12 non-interactively if there
is no password

Read More