FEDORA-2024-051cf1553e
Packages in this update:
xen-4.18.3-2.fc40
Update description:
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
xen-4.18.3-2.fc40
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
xen-4.19.0-4.fc41
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.
It was discovered that py7zr was vulnerable to path traversal attacks.
If a user or automated system were tricked into extracting a specially
crafted 7z archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host.
Posted by Thomas Weber via Fulldisclosure on Sep 23
CyberDanube Security Research 20240919-0
——————————————————————————-
title| Multiple Vulnerabilities
product| Netman 204
vulnerable version| 4.05
fixed version| –
CVE number| CVE-2024-8877, CVE-2024-8878
impact| High
homepage| https://www.riello-ups.com/
found| 2024-05-17
by| D….
Posted by arfaoui haythem on Sep 23
# Exploit Title: Reflected XSS in Elaine’s Realtime CRM Automation v6.18.17
# Date: 09/2024
# Exploit Author: Haythem Arfaoui (CBTW Team)
# Vendor Homepage: https://www.elaine.io/
# Software Link:
https://www.elaine.io/en/products/elaine-marketing-automation/
# Version: 6.18.17 and below
# Tested on: Windows, Linux
# CVE : CVE-2024-42831
# Description
A reflected cross-site scripting (XSS) vulnerability in Elaine’s Realtime
CRM…