ZDI-24-505: Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-504: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has...
DSA-5699-1 redmine – security update
Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application. https://security-tracker.debian.org/tracker/DSA-5699-1 Read More
DSA-5698-1 ruby-rack – security update
Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service. https://security-tracker.debian.org/tracker/DSA-5698-1 Read More
DSA-5697-1 chromium – security update
A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware...
SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 23 SEC Consult Vulnerability Lab Security Advisory < 20240522-0 > ======================================================================= title: Broken access control...
[CFP] Security BSides Ljubljana 0x7E8 | September 27, 2024
Posted by Andraz Sraka on May 23 MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM... Read More
A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass
A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations...
USN-6785-1: GNOME Remote Desktop vulnerability
Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information,...
USN-6784-1: cJSON vulnerabilities
It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial...