Tag
#rce
Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
An issue in Open Source: RPyC v.4.00 thru v.5.3.1 allows a remote attacker to execute arbitrary code via a crafted script to the `__array__` attribute component. This vulnerability was introduced in [9f45f826](https://github.com/tomerfiliba-org/rpyc/commit/9f45f8269d4106905db61d82cd529cacdb178911). ### Attack Vector RPyC services that rely on the `__array__` attribute used by numpy are impacted. When the server-side exposes a method that calls the attribute named `__array__` for a client-provided netref (e.g., `np.array(client_netref)`), a remote attacker can craft a class which results in remote code execution. ### Impact Assuming the system exposes a method that calls the attribute `__array__`, an attacker can execute code using the vulnerable component. ### Patches The fix is available in RPyC 6.0.0. The major version change is because some users may need to set `allow_pickle` to `True` when migrating to RPyC 6. ### Workarounds While the recommended fix is to upgrade to RPyC 6.0...
### Summary - Due to insufficient permission verification, a user who can write a page can use the Frontmatter feature. - Inadequate File Name Validation ### Details 1. Insufficient Permission Verification In Grav CMS, "[Frontmatter](https://learn.getgrav.org/17/content/headers)" refers to the metadata block located at the top of a Markdown file. Frontmatter serves the purpose of providing additional information about a specific page or post. In this feature, only administrators are granted access, while regular users who can create pages are not. However, if a regular user adds the `data[_json][header][form]` parameter to the POST Body while creating a page, they can use Frontmatter. The demonstration of this vulnerability is provided in video format. [Video Link](https://www.youtube.com/watch?v=EU1QA0idoWE) 2. Inadequate File Name Validation To create a Contact Form, Frontmatter and markdown can be written as follows: [Contact Form Example](https://learn.getgrav.org/17/forms/forms/example-fo...
By Deeba Ahmed. Another day, another Linux malware! This is a post from HackRead.com. Read the original post: New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps
Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Nice Equipment: Linear eMerge E3-Series Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with Dangerous Type, Incorrect Authorization, Exposure of Sensitive Information to an Authorized Actor, Insufficiently Protected Credentials, Use of Hard-coded Credentials, Cross-site Request Forgery, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Nice Linear eMerge E3-Series are affected: Linear eMerge E3-Series: versions 1.00-06 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal....
### Impact In JSONata versions `>= 1.4.0, < 1.8.7` and `>= 2.0.0, < 2.0.4`, a malicious expression can use the [transform operator](https://docs.jsonata.org/other-operators#-------transform) to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. ### Patch This issue has been fixed in JSONata versions `>= 1.8.7` and `>= 2.0.4`. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. The following patch can be applied if updating is not possible. ```patch --- a/src/jsonata.js +++ b/src/jsonata.js @@ -1293,6 +1293,13 @@ var jsonata = (function() { } for(var ii = 0; ii < matches.length; ii++) { var match = matches[ii]; + if (match && (match.isPrototypeOf(result) || match instanceof Object.constructor)) { + ...
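Review bot: In the added guard condition, `match instanceof Object.constructor` is the same test as `match instanceof Function`, because `Object.constructor` is `Function`; writing it that way, or adding a short comment, would state the intent more directly. The same condition calls `match.isPrototypeOf(result)` on the matched value itself, which throws a TypeError when `match` is an object created without a prototype; `Object.prototype.isPrototypeOf.call(match, result)` avoids depending on the value's own method. The body of the guard is cut off in this excerpt, so what happens when the condition is true cannot be reviewed from the visible lines.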
Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.
Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.
Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.