Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c658185677135802db2ba020e70479b25e526033ddf4ea288605faedc8a49296
Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
8cc838f6ef748a44660ee0af1d6a0ecdccb9b164104b147228a83cfd362a1dae
Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.
6dada91b5125e5cbc3f8d9cb9d59a5f937052241fe1e5481dab19199fced220c
Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49a
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.
12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336
Red Hat Security Advisory 2024-1408-03 - An update for emacs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
c637c4e0665244153c76a8e6eb8823cba0e8628cd936137610cde758e24770a4
Red Hat Security Advisory 2024-1353-03 - An update is now available for Red Hat Process Automation Manager. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
08b4e847d08dda831c59a07de21c73b00e7633dffb2b64b53231e10e1582e374
Atlassian Confluence versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0 through 8.5.3 suffer from a remote code execution vulnerability.
0aa128553cbd5a516cc713b76e3dc3f366da8678b4aba8459dee773880a5c164
ZoneMinder Snapshots versions prior to 1.37.33 suffer from an unauthenticated remote code execution vulnerability.
1214b8dd5cc3e41afef6bf3970934bdc17fe4f69cdd2f486c163cc06c6903f65
Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227
This is a proof of concept exploit for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow versions 5.x, before 5.1.6 Build 114.
2a8afe7aeb8387754a5e1093b278c99cf0daa3ee2f0907df1d3ea9383e5f2a54
Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945
This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.
9d64188a47060dad96a12b2b5fc06e5f3f52c1141722943d26696fa195cc355b
This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.
68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Apple Security Advisory 03-12-2024-1 - GarageBand 10.4.11 addresses code execution and use-after-free vulnerabilities.
cf1feda0632734f3eac97a03cb231aca57c5c2445e35cdacbbac27e26d43b080
Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.
bb37d3d885c05665df5e0348f90e65516bd9024d109db00efe75183960a1ab40
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.
9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486
Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
75dbd070cadb95c190fb2c3e720880078476efddd8b02e812bc1c594dfa6e86f
Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
6df43170bd5fc352fd321acd5fe231d753158fd667fcbe6941a1ccefd16eb11a
Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
6d34d98987ed9e7f5bc383bd22eb781faef984e2518dc2398e1701abcb1cdd3b
Apple Security Advisory 03-07-2024-3 - macOS Ventura 13.6.5 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
a73a9b93cfdd3db0327dd1d8307d169f4dba16169f4b090abd5020a3d9a70efe
Apple Security Advisory 03-07-2024-2 - macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.
29c509ba93a9dc40af758aca80410a21c8239c2a3c115bac3d2acd0e1e6deea5
JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability.
e1c264f19102d105794de4c6c20eaafe22944b48d40bf81b679d6529f26dcffb
Honeywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.
af3705248c7122eb4d11be4c13209b3526cbee77ed228747c3f55800ef9fb1ef
Viessmann Vitogate 300 versions 2.1.3.0 and below suffers from a remote code execution vulnerability.
86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766a