Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

GHSA-6jvg-hp25-42f6: Nteract Remote Code Execution vulnerability

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

ghsa
#vulnerability#git#rce
Why Apple added protection against quantum computing when quantum computing doesn’t even exist yet

Apple’s newest encryption technology, called PQ3, now secures iMessages with end-to-end encryption that is quantum-resistant.

Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution

Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.

Red Hat Security Advisory 2024-1007-03

Red Hat Security Advisory 2024-1007-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

GHSA-xrvh-rvc4-5m43: Kirby vulnerable to unrestricted file upload of user avatar images

### TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and *cannot* be automated. ---- ### Introduction Unrestricted upload of files with a dangerous type is a type of vulnerability that allows to circumvent expectations and protections in the server setup or backend code. Uploaded files are not checked for their compliance with the intended purpose of the upload target, which can introduce secondary attack vectors. While the vulnerability described here does *not* allow critical attacks like remote code execution (RCE), it can still be abused to upload unexpected file types that could for example make it possible to perform cross-site scripting (XSS) attacks. ### Impact Users with Panel access can upload a user avatar in their own account view. This avatar is intended to be an image, however the file type or file extension was not validat...

Gentoo Linux Security Advisory 202402-32

Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.

ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution

This Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.

GHSA-3v79-q7ph-j75h: MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.