Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords. This can lead to unauthorized access and control over the aquarium controller, compromising its security and potentially allowing attackers to manipulate its settings.
156dd012b72f45fad1f98bb1e1e9d6db89c8dfc2181bfdb205566cd6e184f365
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it can be used to elevate privileges to root. Progress Flowmon up to at least version 12.3.5 is vulnerable.
4d7c5d9c8f90f2082d79d0b216623a4757503aa44c96d6dd6a02243cececec08
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
9e5759e0d9d047326efdff5085c60e099c504e9bdbb0c1540ffd77ceb2e82e91
Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.
9327b88d4263400201612dd920f846d1a80857a43d9803b4e3a6335b15e6b885
Akaunting version 3.1.8 suffers from a client-side template injection vulnerability.
6491bd0abf8f5259e515a3521918faa0c048b25866f715b84bb84d8ae1c92170
Akaunting version 3.1.8 suffers from a server-side template injection vulnerability.
a378ee9c1785e1e7d1980af6982f2f8c7d5e2cc4af0975a15adbb1c3dbea4c6e
Ubuntu Security Notice 6798-1 - It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
4acac72a3dfe0373fc6b22e1840f610eab5b9380f0c2cfc854223027ec48278c
ORing IAP-420 version 2.01e suffers from remote command injection and persistent cross site scripting vulnerabilities.
28abb60f6782915fe5d445adb98b15cb9953faaf9cc843956f9c44bd40922a89
Ubuntu Security Notice 6796-1 - Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. Jurgen Repp and Andreas Fuchs discovered that TPM2 Software Stack did not validate the quote data after deserialization. An attacker could generate an arbitrary quote and cause TPM2 Software Stack to have unknown behavior.
dcfbc23cf3c552a9a4744b58987227f1e79944f37c015bfecba48473b02cb673
Ubuntu Security Notice 6799-1 - It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code on the host under certain circumstances.
6253fe97a3f9aa6695dda53da23eeb3620f1cfe1f93ea17380c239efc3fce21b
Red Hat Security Advisory 2024-3486-03 - An update for gdisk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
5071fe072a035f7e1282d477062951ba1027ea5414bd56ad01a44f38f23c5c06
Red Hat Security Advisory 2024-3483-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.
ae8fcbd3385455e57b8a2c6e880bbfcb883ee85387c5d4bfbf01b75fe0432e1e
Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.
45b15e08ee6f9162e0436ff10e444d356fa774f64b913ea9d301680c31f73eeb
Red Hat Security Advisory 2024-3475-03 - An update is now available for Red Hat OpenShift GitOps v1.11.5 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
269525e4c3a50bc76e8c1076b9607d481198ce32c310dc7dbe3f3890ea244784
Red Hat Security Advisory 2024-3473-03 - Red Hat OpenShift Virtualization release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements.
f13305d5d89807a97398a59ca6965e520ea320b5e1b9bfe82ad3f1e9983f9b0d
Red Hat Security Advisory 2024-3472-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.
efee70da78a9658e0e9f37e842cc17d3110d37b3d14e68617ac3a5a1ee7c0187
Red Hat Security Advisory 2024-3467-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 on Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
e9cee77eb5e84d1ebda562c86a74fcdee76f777941f932eaef8175320f8e5abe
Red Hat Security Advisory 2024-3466-03 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and traversal vulnerabilities.
1dc104ec4a1d9d073ddad0e16e92fe1219ab88b770bca4ab0dcb3e9c13b43386
Red Hat Security Advisory 2024-3351-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.
4f25494f5f1e498f94aec265d3ed60092dbe47440e73a76108dfa9b952855f47
Red Hat Security Advisory 2024-3331-03 - Red Hat OpenShift Container Platform release 4.14.27 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
03d93a3c9b85c62831ca12e31990c8783f9b1c3425f6b0d4eb243e44d23aa923
Red Hat Security Advisory 2024-3327-03 - Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
77917c31c0c47e4bfe377b617d5beb180f4ed59a67ba72d9ead5c6c0c87247df
Red Hat Security Advisory 2024-2728-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 for RHEL 9.2. Issues addressed include a denial of service vulnerability.
0fa656c0793cc98c9ba36d6078d1fad3667742c198c002307eab44e39b9c39ff
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.
f262ccf117a7326996b9db1324d65098a3eea5a5882162d9f1ec432434054948
Ubuntu Security Notice 6797-1 - It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. It was discovered that some Intel® Atom® Processors did not properly clear register state when performing various operations. A local attacker could use this to obtain sensitive information via a transient execution attack. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
1ae00687dcd8bf9e9f41102f5446e293b7f0e18dbc2d69d9941f2b35474397b5
Ubuntu Security Notice 6787-1 - It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting attack.
5fb19612eaef3e824fef107b74a6791c85cf91717d71f96ab90d4a98e0def10e