Read Time:7 Second
FEDORA-2024-9a940ffe4c
Packages in this update:
python3.9-3.9.19-6.fc40
Update description:
Security fix for CVE-2024-8088
Category Archives: Advisories
python3.9-3.9.19-6.fc41
Read Time:7 Second
FEDORA-2024-6140989aaf
Packages in this update:
python3.9-3.9.19-6.fc41
Update description:
Security fix for CVE-2024-8088
python3.9-3.9.19-6.fc39
Read Time:7 Second
FEDORA-2024-dc7f1d57e4
Packages in this update:
python3.9-3.9.19-6.fc39
Update description:
Security fix for CVE-2024-8088
mingw-python3-3.11.9-2.fc39
Read Time:10 Second
FEDORA-2024-7008b2fedf
Packages in this update:
mingw-python3-3.11.9-2.fc39
Update description:
Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
mingw-python3-3.11.9-2.fc40
Read Time:10 Second
FEDORA-2024-3d656dafe1
Packages in this update:
mingw-python3-3.11.9-2.fc40
Update description:
Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
python3.9-3.9.19-6.fc42
Read Time:15 Second
FEDORA-2024-0cf8baac55
Packages in this update:
python3.9-3.9.19-6.fc42
Update description:
Automatic update for python3.9-3.9.19-6.fc42.
Changelog
* Fri Aug 23 2024 Charalampos Stratakis <cstratak@redhat.com> – 3.9.19-6
– Security fix for CVE-2024-8088
– Fixes: rhbz#2307466
Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
Read Time:1 Minute, 0 Second
What is the Vulnerability?The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw effects the “Change Favicon” (Favorite Icon) option that can be misused to upload a malicious file ending with .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its “Known Exploited Vulnerabilities” list.What is the recommended Mitigation?Versa Networks has released a patch to address this vulnerability and has mentioned in their advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor.What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.FortiGuard Labs has blocked known malware used in campaign related to the Versa Director Dangerous File Type Upload Vulnerability. Java/CVE_2024_39717.A!exploitThe FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard Labs is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.
Re: [SYSS-2024-038] DiCal-RED – Use of Password Hash Instead of Password for Authentication
Read Time:20 Second
Posted by J. Hellenthal via Fulldisclosure on Aug 27
Correct me if I’m wrong but I believe he is trying to relay that “on the backend” where the password hashes are
stored…. if accessed by those with admin access or a bad actor if you will gives them the immediate ability to access
every account without needing to decrypt the passwords.
This is a very bad practice.
USN-6981-1: Drupal vulnerabilities
Read Time:17 Second
It was discovered that Drupal incorrectly sanitized uploaded filenames. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-13671)
It was discovered that Drupal incorrectly sanitized archived filenames. A
remote attacker could possibly use this issue to overwrite arbitrary files,
or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)
ZDI-24-1182: Linux Kernel Netfilter Conntrack Type Confusion Information Disclosure Vulnerability
Read Time:14 Second
This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5.