Category Archives: Advisories

helix-24.07-2.fc42 rust-cargo-0.79.0-4.fc42 rust-cargo-deny-0.14.24-3.fc42 rust-dua-cli-2.29.2-1.fc42 rust-gix-0.66.0-1.fc42 rust-gix-actor-0.32.0-1.fc42 rust-gix-archive-0.15.0-1.fc42 rust-gix-attributes-0.22.5-1.fc42 rust-gix-command-0.3.9-1.fc42 rust-gix-commitgraph-0.24.3-1.fc42 rust-gix-config-0.40.0-1.fc42 rust-gix-config-value-0.14.8-1.fc42 rust-gix-credentials-0.24.5-1.fc42 rust-gix-date-0.9.0-1.fc42 rust-gix-diff-0.46.0-1.fc42 rust-gix-dir-0.8.0-1.fc42 rust-gix-discover-0.35.0-1.fc42 rust-gix-features-0.38.2-3.fc42 rust-gix-filter-0.13.0-1.fc42 rust-gix-fs-0.11.3-1.fc42 rust-gix-glob-0.16.5-1.fc42 rust-gix-ignore-0.11.4-1.fc42 rust-gix-index-0.35.0-1.fc42 rust-gix-mailmap-0.24.0-1.fc42 rust-gix-negotiate-0.15.0-1.fc42 rust-gix-object-0.44.0-1.fc42 rust-gix-odb-0.63.0-1.fc42 rust-gix-pack-0.53.0-1.fc42 rust-gix-packetline-0.17.6-1.fc42 rust-gix-packetline-blocking-0.17.5-1.fc42 rust-gix-path-0.10.11-1.fc42 rust-gix-pathspec-0.7.7-1.fc42 rust-gix-prompt-0.8.7-1.fc42 rust-gix-protocol-0.45.3-1.fc42 rust-gix-ref-0.47.0-1.fc42 rust-gix-refspec-0.25.0-1.fc42 rust-gix-revision-0.29.0-1.fc42 rust-gix-revwalk-0.15.0-1.fc42 rust-gix-sec-0.10.8-1.fc42 rust-gix-status-0.13.0-1.fc42 rust-gix-submodule-0.14.0-1.fc42 rust-gix-tempfile-14.0.2-1.fc42 rust-gix-trace-0.1.10-1.fc42 rust-gix-transport-0.42.3-1.fc42 rust-gix-traverse-0.41.0-1.fc42 rust-gix-url-0.27.5-1.fc42 rust-gix-validate-0.9.0-1.fc42 rust-gix-worktree-0.36.0-1.fc42 rust-gix-worktree-state-0.13.0-1.fc42 rust-gix-worktree-stream-0.15.0-1.fc42 rust-onefetch-2.21.0-4.fc42 rust-prodash-29.0.0-1.fc42 rust-rustsec-0.29.3-3.fc42 rust-tame-index-0.12.0-3.fc42 rust-vergen-8.3.1-4.fc42 stgit-2.4.12-1.fc42

Read Time:2 Minute, 17 Second

FEDORA-2024-1b3089c689

Packages in this update:

helix-24.07-2.fc42
rust-cargo-0.79.0-4.fc42
rust-cargo-deny-0.14.24-3.fc42
rust-dua-cli-2.29.2-1.fc42
rust-gix-0.66.0-1.fc42
rust-gix-actor-0.32.0-1.fc42
rust-gix-archive-0.15.0-1.fc42
rust-gix-attributes-0.22.5-1.fc42
rust-gix-command-0.3.9-1.fc42
rust-gix-commitgraph-0.24.3-1.fc42
rust-gix-config-0.40.0-1.fc42
rust-gix-config-value-0.14.8-1.fc42
rust-gix-credentials-0.24.5-1.fc42
rust-gix-date-0.9.0-1.fc42
rust-gix-diff-0.46.0-1.fc42
rust-gix-dir-0.8.0-1.fc42
rust-gix-discover-0.35.0-1.fc42
rust-gix-features-0.38.2-3.fc42
rust-gix-filter-0.13.0-1.fc42
rust-gix-fs-0.11.3-1.fc42
rust-gix-glob-0.16.5-1.fc42
rust-gix-ignore-0.11.4-1.fc42
rust-gix-index-0.35.0-1.fc42
rust-gix-mailmap-0.24.0-1.fc42
rust-gix-negotiate-0.15.0-1.fc42
rust-gix-object-0.44.0-1.fc42
rust-gix-odb-0.63.0-1.fc42
rust-gix-pack-0.53.0-1.fc42
rust-gix-packetline-0.17.6-1.fc42
rust-gix-packetline-blocking-0.17.5-1.fc42
rust-gix-path-0.10.11-1.fc42
rust-gix-pathspec-0.7.7-1.fc42
rust-gix-prompt-0.8.7-1.fc42
rust-gix-protocol-0.45.3-1.fc42
rust-gix-ref-0.47.0-1.fc42
rust-gix-refspec-0.25.0-1.fc42
rust-gix-revision-0.29.0-1.fc42
rust-gix-revwalk-0.15.0-1.fc42
rust-gix-sec-0.10.8-1.fc42
rust-gix-status-0.13.0-1.fc42
rust-gix-submodule-0.14.0-1.fc42
rust-gix-tempfile-14.0.2-1.fc42
rust-gix-trace-0.1.10-1.fc42
rust-gix-transport-0.42.3-1.fc42
rust-gix-traverse-0.41.0-1.fc42
rust-gix-url-0.27.5-1.fc42
rust-gix-validate-0.9.0-1.fc42
rust-gix-worktree-0.36.0-1.fc42
rust-gix-worktree-state-0.13.0-1.fc42
rust-gix-worktree-stream-0.15.0-1.fc42
rust-onefetch-2.21.0-4.fc42
rust-prodash-29.0.0-1.fc42
rust-rustsec-0.29.3-3.fc42
rust-tame-index-0.12.0-3.fc42
rust-vergen-8.3.1-4.fc42
stgit-2.4.12-1.fc42

Update description:

Update gix to version 0.66

Read More

webkitgtk-2.46.0-1.fc39

Read Time:25 Second

FEDORA-2024-01501ccce2

Packages in this update:

webkitgtk-2.46.0-1.fc39

Update description:

Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.

Read More

chromium-129.0.6668.58-1.fc41

Read Time:22 Second

FEDORA-2024-b85d941d78

Packages in this update:

chromium-129.0.6668.58-1.fc41

Update description:

update to 129.0.6668.58

High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI

Read More

chromium-129.0.6668.58-1.el8

Read Time:22 Second

FEDORA-EPEL-2024-2cc55c9f93

Packages in this update:

chromium-129.0.6668.58-1.el8

Update description:

update to 129.0.6668.58

High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI

Read More

USN-7023-1: Git vulnerabilities

Read Time:58 Second

Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. This issue was fixed
in Ubuntu 16.04 LTS. (CVE-2023-25815)

It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)

It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code. This
issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)

It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target’s local system. This issue was fixed
in Ubuntu 18.04 LTS. (CVE-2024-32020)

It was discovered that Git incorrectly handled certain symlinks. An
attacker could possibly use this issue to impact availability and
integrity creating hardlinked arbitrary files into users repository’s
objects/directory. This issue was fixed in Ubuntu 18.04 LTS.
(CVE-2024-32021)

Read More

Stored XSS in “Edit Profile” – htmlyv2.9.9

Read Time:24 Second

Posted by Andrey Stoykov on Sep 18

# Exploit Title: Stored XSS in “Edit Profile” – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-11-stored-xss.html

Stored XSS #1:

Steps to Reproduce:

1. Login as author
2. Browse to “Edit Profile”
3. In “Content” field add payload “><img src=x onerror=alert(1)>
4. Then…

Read More

Stored XSS in “Menu Editor” – htmlyv2.9.9

Read Time:24 Second

Posted by Andrey Stoykov on Sep 18

# Exploit Title: Stored XSS in “Menu Editor” – htmlyv2.9.9
# Date: 9/2024
# Exploit Author: Andrey Stoykov
# Version: 2.9.9
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-10-stored-xss.html

Stored XSS #1:

Steps to Reproduce:

1. Login as admin
2. Browse to “Menu Editor”
3. In “Name” field add payload “><img src=x onerror=alert(1)>
4. In…

Read More

Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Sep 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.BlackAngel.13
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1850. Third party
adversaries who can reach an infected host can issue commands made
available by the backdoor….

Read More