Read Time:1 Second
Post Content
Category Archives: Advisories
GLSA 202412-09: Salt: Multiple Vulnerabilities
GLSA 202412-08: icinga2: Multiple Vulnerabilities
GLSA 202412-07: OpenJDK: Multiple Vulnerabilities
pytest-8.3.4-1.fc41
Read Time:6 Second
FEDORA-2024-b747462264
Packages in this update:
pytest-8.3.4-1.fc41
Update description:
Update to pytest 8.3.4
ZDI-24-1645: Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-46909.
ZDI-24-1644: (Pwn2Own) iXsystems TrueNAS fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.1. The following CVEs are assigned: CVE-2024-11946.
ZDI-24-1643: (Pwn2Own) iXsystems TrueNAS tarfile.extractall Directory Traversal Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-11944.
DSA-5825-1 ceph – security update
Read Time:9 Second
Sage McTaggart discovered an authentication bypass in radosgw, the RADOS
REST gateway of Ceph, a distributed storage and file system.
DSA-5824-1 chromium – security update
Read Time:9 Second
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.