Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

GHSA-577p-7j7h-2jgf: Deserialization of Untrusted Data in dompdf/dompdf

DomPDF before version 2.0.0 is vulnerable to PHAR (PHP Archive) deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.

ghsa
#vulnerability#php#rce#pdf#auth
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5,

GHSA-pjwm-cr36-mwv3: ReDoS in giskard's transformation.py (GHSL-2024-324)

# ReDoS in Giskard text perturbation detector A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the [GitHub Security Lab](https://securitylab.github.com) team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. ## Details The vulnerability affects Giskard's punctuation removal transformation used in the text perturbation detection. A regex used to detect URLs and links was vulnerable to catastrophic backtracking that could be triggered by specific patterns in the text. ## Affected version Giskard versions prior to 2.15.5 are affected. Users should upgrade to version 2.15.5 or later, which includes a fix for this vulnerability. ## Impact This vulnerability can cause extended computation times or crashes in Giskard when processing text containing certain patterns. ## Credit This issue was discovered and report...

GHSA-p2h2-3vg9-4p87: Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

### Summary A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the `gh codespace ssh` or `gh codespace logs` commands. ### Details The vulnerability stems from the way GitHub CLI handles SSH connection details when executing commands. When developers connect to remote Codespaces, they typically use a SSH server running within a devcontainer, often provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is used in [executing `ssh` commands](https://github.com/cli/cli/blob/e356c69a6f0125cfaac7...

GHSA-hff8-hjwv-j9q7: Remote Code Execution on click of <a> Link in markdown preview

### Summary There is a vulnerability in `Joplin-desktop` that leads to remote code execution (RCE) when a user clicks on an `<a>` link within untrusted notes. The issue arises due to insufficient sanitization of `<a>` tag attributes introduced by the `Mermaid`. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. ### Details In the markdown preview iframe, `Joplin` only opens `<a>` links internally within the same Electron window if they contain the `data-from-md` attribute. While Joplin successfully sanitizes the `data-from-md` attribute in user-embedded `<a>` links from the `.md` file to prevent the execution of untrusted HTML content, it fails to sanitize the `data-from-md` attributes of `<a>` tags introduced by `Mermaid` (e.g., the code snippet shown below). Since `Mermaid` allows the rendering of certain scriptless HTML elements, an attacker can embed `<a>...

GravCMS 1.10.7 Arbitrary YAML Write / Update

Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.

PHP-CGI Argument Injection Remote Code Execution

Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.

2N Access Commander

View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: 2N Equipment: Access Commander Vulnerabilities: Path Traversal, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of 2N Access Commander, an IP access control system, are affected: Access Commander: versions 3.1.1.2 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker to write files on the filesystem to achieve arbitrary remote code execution. CVE-2024-47253 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vecto...

Rockwell Automation FactoryTalk Updater

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Updater Vulnerabilities: Insecure Storage of Sensitive Information, Improper Input Validation, Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an authentication bypass, remote code execution, and/or a local privilege escalation 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk are affected: FactoryTalk Updater - Web Client: Version 4.00.00 FactoryTalk Updater - Client: All versions FactoryTalk Updater - Agent: All versions 3.2 Vulnerability Overview 3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922 An authentication bypass vulnerability exists due to shared secrets across accounts, which could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during auth...

Rockwell Automation Verve Asset Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager are affected: Verve Asset Manager: Versions 1.39 and prior 3.2 Vulnerability Overview 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395 Verve Asset Manager utilizes Kibana, which contains a remote code execution vulnerability that allows an attacker with access to ML and alerting connecting features as well as write access to internal ML to trigger a prototype pollution vulnerability, which can ultimately lead to arbitrary code execution. The code execution is limited to the container. CVE-2024-37287 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2...