This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows the password of the admin user to be reset, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands are executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ff
Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
163422edaa457d7b18dd68f3c52d86764e74e2b0d95f740cb2caa422b41f81a3
Red Hat Security Advisory 2024-9525-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include an HTTP request smuggling vulnerability.
ab903037a6b97cb0363e655ad1e47d609650108489b69b881587fdedab97ff76
Red Hat Security Advisory 2024-9524-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
61ad8fd12a8476f96bfc3a6414f20fd9fbdcaf9eb70d721b5b89b5c32b3436a7
Red Hat Security Advisory 2024-9502-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
0a9592cbe810f85c63a0b79eef53152c242200dd4736d6ee0c1db21ffec57bb9
Red Hat Security Advisory 2024-9501-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include an HTTP request smuggling vulnerability.
704a72590fb25993a12f3032f36b7df590e0a78f8e66fd0644992050125ecb38
Red Hat Security Advisory 2024-9500-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
15747a9fa0042b9816ac022e45ad503e78051387043e0dc89753c7b724cd8020
Red Hat Security Advisory 2024-9498-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
880c614e3a0c2dc81262d07c85b17b4a1946857f5840350e6bb4963d1d4fcaa0
Red Hat Security Advisory 2024-9497-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
db0542ec6dce39efd08f852568b0695fd610c514129fd3b8807b01586f0434c8
Red Hat Security Advisory 2024-9485-03 - Control plane Operators for RHOSO 18.0.3. Issues addressed include a memory exhaustion vulnerability.
8d28ac96c1c0a7e9cff2a93a4009e17da7abcef60559e32eb9d097e98338effd
Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3. Issues addressed include a traversal vulnerability.
f583dc3b5b04096c3dfa54511953fc8caef0c120a9b02784e810537c1665b787
Red Hat Security Advisory 2024-9474-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.
deb969d678bf42a1d621d038d653598e3e641a09022b90f33d8d97c0c33bbe6f
Red Hat Security Advisory 2024-9473-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a cross-site scripting vulnerability.
340247002f966148b4ac1c04b98339d5fbc8cf2b91577d6891ad728510c3af8d
Red Hat Security Advisory 2024-9472-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.
91fbb25ce895c42b12b0c2a8f18dc6ca8b4f020b58e41a9d9bae10efd49c7f09
Red Hat Security Advisory 2024-9470-03 - An update for cups is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
a6a7ebd5935d015ed96e9946115b8c2e10a494cdeb8ada2fdbb82bddede77de8
Red Hat Security Advisory 2024-9468-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.
7951931938aa0f753f092a8dfd5023eb80d9ce7b514d6319e66990874cf544c1
Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.
364f175b797d09045f78c9db9628cf5e0f087f44aea1df3dd527c6dbacdcfe6d
Red Hat Security Advisory 2024-9458-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.
29d5765dc2c14136f8faf789b2d2e4052b8044e4ba834954fa94140795d32ba0
Red Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.
8227c87ea3c4a2d6d25c74d77bc24b194c3a6bf80fbb99081bf8a9064998e024
Red Hat Security Advisory 2024-9456-03 - An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.
be8c5f0abe359af72b59a428f0b95a371d37a01d63d19ac193a33f44ed9cc532
Red Hat Security Advisory 2024-9454-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.
77182ffa1502afe8bbc0cf480b37d88ace427156194343fa43a1905a9ccecac2
Red Hat Security Advisory 2024-9452-03 - An update for pcp is now available for Red Hat Enterprise Linux 9. Issues addressed include a heap corruption vulnerability.
a20d460718d0e53793d0e637a52c31192ae62e0040059eb9e6cab9c7dfcc261e
Red Hat Security Advisory 2024-9451-03 - An update for python3.12 is now available for Red Hat Enterprise Linux 9.
337f477707d69299ccce428c5c8a327f6955861320a64a56604ef8ebccd3dc77
Red Hat Security Advisory 2024-9450-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.
2666473ea239cdc6790f0f7127374f8f9db3cb71f0ebba72a55877821b83b046
Red Hat Security Advisory 2024-9449-03 - An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9.
f5d7fbd030115cd8c127648681d3f9a98bc4d37093a7619a488e3edf2514f4b4