Category Archives: Advisories

CVE-2024-31705

Posted by V3locidad on Apr 14

CVE ID: CVE-2024-31705

Title : RCE to “Shell Commands” Plugin / GLPI Shell Command Management Interface

Affected Product : GLPI – 10.X.X and last version

Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.

Affected Component : A remote code execution (RCE) vulnerability has been identified in the ‘Shell…

SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14

SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: –
impact: medium
homepage: https://aws.amazon.com/glue/
found:…

chromium-123.0.6312.122-1.el8

FEDORA-EPEL-2024-762aef7cb1

Packages in this update:

chromium-123.0.6312.122-1.el8

Update description:

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

chromium-123.0.6312.122-1.el9

FEDORA-EPEL-2024-2445965799

Packages in this update:

chromium-123.0.6312.122-1.el9

Update description:

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

chromium-123.0.6312.122-1.el7

FEDORA-EPEL-2024-9bc8e80200

Packages in this update:

chromium-123.0.6312.122-1.el7

Update description:

update to 123.0.6312.122

High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400)

What is the vulnerability/attack?
A critical unauthenticated remote code injection vulnerability was discovered in the PAN-OS GlobalProtect Gateway. The vulnerability, tracked as CVE-2024-3400, has a CVSS rating of 10.0. The GlobalProtect Gateway provides a security solution for roaming users by extending the same next-generation firewall-based policies. According to the vendor advisory, active exploitation is ongoing.

What is the recommended Mitigation?

The vendor has released a threat prevention signature and is currently developing hotfix releases of PAN-OS.

What FortiGuard Coverage is available?
As the situation is still developing, the FortiGuard team will update the threat signal and provide more information on related protections as they are released. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
