Yokogawa Test & Measurement Corporation Security Vulnerabilities

Exploit for CVE-2024-31848

Exploiting CData within Jetty servers -...

Task hijacking of apps that set allowTaskReparenting="true"

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Improper Authentication in Redhat Keycloak

PoC for CVE-2023-0264 _Keycloak vulnerability that allows...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-POC A Simple tool to Automate CVE-2024-24919...

vyper performs multiple eval of `sqrt()` argument built in

Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult (but not impossible!) to trigger as of 0.3.4, when the unique symbol fence was introduced (https://github.com/vyperlang/vyper/pull/2914). A contract...

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

Information Exposure

Quarkus-core is vulnerable to Information Exposure. The vulnerability is due to the capture of local environment variables from the Quarkus namespace during the build process, leading to applications inheriting potentially sensitive or test-specific settings at...

CVE-2024-26850 mm/debug_vm_pgtable: fix BUG_ON with pud advanced test

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. This patch marks the ptes...

CVE-2023-33472

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers...

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as...

CVE-2024-5126

An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to....

Brocade Enable Login Check Scanner

This module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not be enabled in the device...

Ollama does not validate the format of the digest (sha256 with 64 hex digits)

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...

CVE-2024-36478

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p...

CVE-2024-5128

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

Exploit for Authentication Bypass by Capture-replay in Microsoft

CVE-2023-23397-POC-Powershell Script functions to either...

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles....

CVE-2024-36478

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p...

Exploit for CVE-2024-20356

CVE-2024-20356 This is a proof of concept for CVE-2024-20356,...

CVE-2024-5131

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the...

Exploit for CVE-2023-22515

Confluence Hack CVE-2023-22515 exploit.py Exploit to...

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such...

Ollama does not validate the format of the digest (sha256 with 64 hex digits)

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../...

CVE-2024-26661 drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx-&gt;stream_res.tg-&gt;inst;" pipe_ctx-&gt;stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not...

Exploit for Path Traversal in Microsoft

Fully Weaponized CVE-2021-40444 Malicious docx generator to...

CVE-2024-21477 Buffer Over-read in WLAN Firmware

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

Exploit for Allocation of Resources Without Limits or Throttling in Apache Http Server

CVE-2024-27316 I decided to call this vulnerability...

Exploit for CVE-2024-21683

Usage python poc.py -u...

CVE-2021-47565 scsi: mpt3sas: Fix kernel panic during drive powercycle test

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object remains intact....

CVE-2021-46916 ixgbe: Fix NULL pointer dereference in ethtool loopback test

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated....

CVE-2024-26661 drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx-&gt;stream_res.tg-&gt;inst;" pipe_ctx-&gt;stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Recon Tool Installation git clone...

BIT-gitlab-2023-6678

An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

Follina Proof of Concept (CVE-2022-30190) Quick and easy...

CVE-2024-21477

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

CVE-2024-21477 Buffer Over-read in WLAN Firmware

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM)...

Percona XtraBackup vulnerability

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages percona-xtrabackup - Open source backup tool for InnoDB and XtraDB Details It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code...

Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

The otelhttp package of opentelemetry-go-contrib is vulnerable to a denial-of-service attack. The otelhttp package uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.request_content_length, http.server.response_content_length, and http.server.duration...

Exploit for CVE-2023-38646

🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

Exploit for Code Injection in Apache Commons Text

Install maven -...

Exploit for Race Condition in Solarwinds Solarwinds Platform

CVE-2024-28999 Exploit for CVE-2024-28999 SolarWinds Platform...

buildah security and bug fix update

[1.33.7-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/997beea) - Resolves:...

[SECURITY] Fedora 39 Update: rust-uu_test-0.0.23-3.fc39

test ~ (uutils) evaluate comparison and file type...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...