Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable.

Packet Storm
Open in Source
#vulnerability#web#windows#linux#js#git#java#rce#auth#ssl
Gentoo Linux Security Advisory 202402-01

Gentoo Linux Security Advisory 202402-1 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.38-r10 are affected.

Debian Security Advisory 5613-1

Debian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

Debian Security Advisory 5612-1

Debian Linux Security Advisory 5612-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Red Hat Security Advisory 2024-0647-03

Red Hat Security Advisory 2024-0647-03 - An update for rpm is now available for Red Hat Enterprise Linux 8.

Grocy 4.0.2 Cross Site Request Forgery

Grocy versions 4.0.2 and below suffer from a cross site request forgery vulnerabilities.

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security

Ubuntu Security Notice USN-6587-4

Ubuntu Security Notice 6587-4 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.