It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)

Read More

Joshua Rogers that incorrect parsing of ESI variables in the Squid proxy
caching server could result in memory corruption.

https://security-tracker.debian.org/tracker/DSA-5751-1

Read More

FEDORA-2024-8eff1bffb1

Packages in this update:

dotnet8.0-8.0.108-1.fc39

Update description:

This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167

Release Notes:

SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.md

Read More

FEDORA-2024-f4eb809b49

Packages in this update:

dotnet8.0-8.0.108-1.fc40

Update description:

This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167

Release Notes:

SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.md

Read More

FEDORA-2024-1f1c0537d3

Packages in this update:

webkit2gtk4.0-2.44.3-2.fc40

Update description:

Update to 2.44.3

Read More

FEDORA-2024-e34ffb3c13

Packages in this update:

restic-0.17.0-1.fc41

Update description:

Automatic update for restic-0.17.0-1.fc41.

Changelog

* Sun Aug 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.17.0-1
– Update to 0.17.0 – Closes rhbz#2258380 rhbz#2292718 rhbz#2255107

Read More

FEDORA-2024-85a14455ea

Packages in this update:

restic-0.17.0-1.fc42

Update description:

Automatic update for restic-0.17.0-1.fc42.

Changelog

* Sun Aug 18 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 0.17.0-1
– Update to 0.17.0 – Closes rhbz#2258380 rhbz#2292718 rhbz#2255107

Read More

Posted by Andrey Stoykov on Aug 17

# Exploit Title: Authenticated Code Injection – smfv2.1.4
# Date: 8/2024
# Exploit Author: Andrey Stoykov
# Version: 2.1.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html

Code Injection Authenticated:

Steps to Reproduce:

1. Login as admin
2. Browse to “Current Theme”
3. Click on “Modify Themes” > “SMF Default Theme”
4. Click on…

Read More

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-043
Product: Ewon Cosy+ / Talk2M Remote Access Solution
Manufacturer: HMS Industrial Networks AB
Affected Version(s): N.A.
Tested Version(s): N.A.
Vulnerability Type: Improper Authentication (CWE-287)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-04-17
Solution Date: 2024-04-18
Public Disclosure:…

Read More

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-033
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: all versions
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Execution with Unnecessary Privileges (CWE-250)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2024-04-10
Solution Date: Not…

Read More