CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.
GibbonEdu Core version 26.0.00 suffers from a cross site scripting vulnerability that can lead to privilege escalation.
TP-Link Archer AX50 router with firmware version 1.0.11 build 2022052 suffers from a persistent cross site scripting vulnerability.
HTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.
Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not restrict input for parameters, so both container and parameters for the dockerInspect command were vulnerable to shell command injection on the container as the abc user with (limited) command output. See commits 23df366 and c091e4c for fixes.
Ubuntu Security Notice 7001-2 - USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
Red Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
Ubuntu Security Notice 7011-2 - USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
Red Hat Security Advisory 2024-6723-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Security Advisory 2024-6722-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-6721-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Ubuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
Ubuntu Security Notice 7010-1 - Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.
Microsoft SQL Server versions 2014, 2016, 2017, 2019, and 2022 suffer from an issue where masked data can be exposed through a brute force attack.
Ubuntu Security Notice 7014-1 - It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.
Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.
Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.