This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-29848.
Category Archives: Advisories
DSA-5699-1 redmine – security update
Multiple cross-site scripting vulnerabilities were found in Redmine,
a project management web application.
DSA-5698-1 ruby-rack – security update
Multiple security issues were found in Rack, an interface for developing
web applications in Ruby, which could result in denial of service.
DSA-5697-1 chromium – security update
A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. Google is aware that an exploit for CVE-2024-5274 exists
in the wild.
SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 23
SEC Consult Vulnerability Lab Security Advisory < 20240522-0 >
=======================================================================
title: Broken access control & API Information Exposure
product: 4BRO App
vulnerable version: before 2024-04-17
fixed version: 2024-04-17
CVE number: –
impact: Critical
homepage: https://www.4bro.de
found: 2023-05-07…
[CFP] Security BSides Ljubljana 0x7E8 | September 27, 2024
Posted by Andraz Sraka on May 23
A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass
A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can build and store software applications using Git version control and automate deployment pipelines. Successful exploitation of this vulnerability could allow an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. An attacker could then view, change, or delete data, or create new accounts with full user rights.
USN-6785-1: GNOME Remote Desktop vulnerability
Matthias Gerstner discovered that GNOME Remote Desktop incorrectly
performed certain user validation checks. A local attacker could possibly
use this issue to obtain sensitive information, or take control of remote
desktop connections.
USN-6784-1: cJSON vulnerabilities
It was discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)
Luo Jin discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. (CVE-2024-31755)
chromium-125.0.6422.76-1.el7
FEDORA-EPEL-2024-46d6266ef3
Packages in this update:
chromium-125.0.6422.76-1.el7
Update description:
update to 125.0.6422.76
High CVE-2024-5157: Use after free in Scheduling
High CVE-2024-5158: Type Confusion in V8
High CVE-2024-5159: Heap buffer overflow in ANGLE
High CVE-2024-5160: Heap buffer overflow in Dawn
update to 125.0.6422.60
High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads