CVE-2024-0012

KEV
Palo Alto Networks Cloud NGFW

18 Nov 2024
Published
19 Nov 2024
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
96.61%

  • 4 Posts
  • 9 Interactions

CVE Info

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 (https://security.paloaltonetworks.com/CVE-2024-9474). The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Fediverse

Bad day for VPN routers: Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 auth bypass by HTTP, privesc via command injection. Exploitation enables pre-auth RCE chaining the bypass to inject arbitrary commands in PHP session handling, targeting SSLVPN devices.

Being actively exploited.

labs.watchtowr.com/pots-and-pa

  • 3
  • 5
  • 2 hours ago

‘We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised?’

NIST-defined critical software.
labs.watchtowr.com/pots-and-pa

  • 0
  • 1
  • 2 hours ago

Updates on PAN-SA-2024-0015: The blog has been updated with the following latest information provided by Palo Alto.

1) CVE-2024-0012 has been assigned
2) Indicators of Compromise have been updated.
3) Added a section "What if I found one of the IOCs in my Organization's environment??"
4) Affected Products and Product versions have been updated
5) Fixed versions have been updated.

Refer: patchnow24x7.com/blog-1/f/pan-

  • 0
  • 0
  • 13 hours ago

CVE-2024-9474

KEV
Palo Alto Networks Cloud NGFW

18 Nov 2024
Published
19 Nov 2024
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
97.40%

  • 3 Posts
  • 9 Interactions

CVE Info

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Fediverse

Bad day for VPN routers: Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 auth bypass by HTTP, privesc via command injection. Exploitation enables pre-auth RCE chaining the bypass to inject arbitrary commands in PHP session handling, targeting SSLVPN devices.

Being actively exploited.

labs.watchtowr.com/pots-and-pa

  • 3
  • 5
  • 2 hours ago

‘We simply… supply the off value to the X-PAN-AUTHCHECK HTTP request header, and the server helpfully turns off authentication?! At this point, why is anyone surprised?’

NIST-defined critical software.
labs.watchtowr.com/pots-and-pa

  • 0
  • 1
  • 2 hours ago

CVE-2024-52940

Pending

18 Nov 2024
Published
18 Nov 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

Fediverse

CVE-2024-26229

Microsoft Windows 10 Version 1809

09 Apr 2024
Published
09 Oct 2024
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.04%

  • 1 Post
  • 2 Interactions

CVE Info

Windows CSC Service Elevation of Privilege Vulnerability

Fediverse

@cR0w This is from a client lol, AlienVault is flagging 127.0.0.0/8 connections as cve-2024-26229 IOCs 🙄

  • 0
  • 2
  • 2 hours ago

CVE-2024-1212

KEV
Progress Software LoadMaster

21 Feb 2024
Published
19 Nov 2024
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
91.88%

  • 1 Post
  • 1 Interaction

CVE Info

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Fediverse

Progress Kemp contains an OS Command that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution (CVE-2024-1212):
thehackernews.com/2024/11/cisa

  • 0
  • 1
  • 12 hours ago

CVE-2024-10224

Module::ScanDeps

19 Nov 2024
Published
19 Nov 2024
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.05%

  • 1 Post
  • 1 Interaction

CVE Info

Qualys discovered that if unsanitized input was used with the library Module::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

Fediverse

It has been 0 days since I've had to tap the sign:
infosec.exchange/@ckure/111970

"CVE-2024-10224: local attackers can execute arbitrary shell commands as root by tricking needrestart into open()ing a filename of the form "commands|" (technically, this vulnerability is in Perl's ScanDeps module, but it is unclear whether this module was ever meant to operate on attacker-controlled files or not)."

qualys.com/2024/11/19/needrest

  • 0
  • 1
  • 1 hour ago

CVE-2024-35250

Microsoft Windows 10 Version 1809

11 Jun 2024
Published
15 Oct 2024
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.04%

  • 1 Post

CVE Info

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Fediverse

CVE-2024-21287

Oracle Corporation Agile PLM Framework

18 Nov 2024
Published
19 Nov 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.09%

  • 1 Post

CVE Info

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Fediverse

Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. securityweek.com/oracle-patche

  • 0
  • 0
  • 8 hours ago

CVE-2024-38812

KEV
VMware vCenter Server

17 Sept 2024
Published
20 Nov 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.09%

  • 1 Post
  • 8 Interactions

CVE Info

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Fediverse

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
  • CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability

  • 4
  • 4
  • 6 hours ago

CVE-2024-38813

KEV
VMware vCenter Server

17 Sept 2024
Published
20 Nov 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.09%

  • 1 Post
  • 8 Interactions

CVE Info

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Fediverse

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-38812 (9.8 critical) VMware vCenter Server heap-overflow vulnerability
  • CVE-2024-38813 (7.5 high) VMware vCenter privilege escalation vulnerability

  • 4
  • 4
  • 6 hours ago

CVE-2024-23113

KEV
Fortinet FortiSwitchManager

15 Feb 2024
Published
10 Oct 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
1.84%

  • 1 Post

CVE Info

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

Fediverse

What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec

labs.watchtowr.com/hop-skip-fo

  • 0
  • 0
  • 5 hours ago

CVE-2024-20767

Adobe ColdFusion

18 Mar 2024
Published
13 Sept 2024
Updated

CVSS v3.1
HIGH (8.2)
EPSS
11.07%

  • 1 Post

CVE Info

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.

Fediverse

[RSS] Remediation for CVE-2024-20767 (ColdFusion) and CVE-2024-21216 (WebLogic) Potential Exploitable Bugs

https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
  • 0
  • 0
  • 12 hours ago

CVE-2024-21216

Oracle Corporation WebLogic Server

15 Oct 2024
Published
17 Oct 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.15%

  • 1 Post

CVE Info

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Fediverse

[RSS] Remediation for CVE-2024-20767 (ColdFusion) and CVE-2024-21216 (WebLogic) Potential Exploitable Bugs

https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
  • 0
  • 0
  • 12 hours ago

CVE-2024-47575

KEV
Fortinet FortiManager

23 Oct 2024
Published
07 Nov 2024
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
5.18%

  • 1 Post

CVE Info

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Fediverse

What a wonderful writeup of the #fortinet vulnerabilities found by watchtowr labs. It's insightful and entertaining :) #cybersecurity #security #infosec

labs.watchtowr.com/hop-skip-fo

  • 0
  • 0
  • 5 hours ago

CVE-2024-44309

Apple Safari

19 Nov 2024
Published
19 Nov 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 3 Interactions

CVE Info

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Fediverse

iOS 18.1.1 and macOS Sequoia 15.1.1 close actively exploited security vulnerabilities
With the new iOS 18.1.1 and macOS Sequoia 15.1.1 updates, Apple has closed significant security vulnerabilities, which Beric
apfeltalk.de/magazin/feature/i
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit

  • 1
  • 2
  • 14 hours ago

CVE-2024-44308

Apple Safari

19 Nov 2024
Published
20 Nov 2024
Updated

CVSS
Pending
EPSS
0.04%

  • 1 Post
  • 3 Interactions

CVE Info

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Fediverse

iOS 18.1.1 and macOS Sequoia 15.1.1 close actively exploited security vulnerabilities
With the new iOS 18.1.1 and macOS Sequoia 15.1.1 updates, Apple has closed significant security vulnerabilities, which Beric
apfeltalk.de/magazin/feature/i
#Feature #iPad #iPhone #Mac #Apple #CrossSiteScripting #CVE202444308 #CVE202444309 #IntelMac #IOS1811 #JavaScriptCore #MacOSSequoia1511 #Sicherheitsupdate #Webkit

  • 1
  • 2
  • 14 hours ago

CVE-2023-27997

KEV
Fortinet FortiOS-6K7K

13 Jun 2023
Published
23 Oct 2024
Updated

CVSS v3.1
CRITICAL (9.2)
EPSS
9.72%

  • 1 Post

CVE Info

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

Fediverse

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation
Analysis With The APT10 Umbrella
trendmicro.com/en_us/research/

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend
Micro has been tracking the group as Earth Kasha. We have identified a new
campaign connected to this group with significant updates to their strategy,
tactics, and arsenals.

In the new campaign starting in early 2023, Earth Kasha expanded their targets
into Japan, Taiwan, and India. Based on the bias of the incident amount, while
we believe that Japan is still the main target of Earth Kasha, we observed
that a few high-profile organizations in Taiwan and India were targeted. The
observed industries under attack are organizations related to advanced
technology and government agencies.

Earth Kasha has also employed different Tactics, Techniques, and Procedures
(TTPs) in the Initial Access phase, which now exploits public-facing
applications such as SSL-VPN and file storage services. We observed that
vulnerabilities of enterprise products, such as Array AG (CVE-2023-28461),
Proself (CVE-2023-45727) and FortiOS/FortiProxy (CVE-2023-27997), were abused
in the wild. Earth Kasha was changing these vulnerabilities to abuse from time
to time. After gaining access, they deployed several backdoors in the victim's
network to achieve persistence. These include Cobalt Strike, LODEINFO, and the
newly discovered NOOPDOOR, which we will describe later.

  • 0
  • 0
  • 17 hours ago

CVE-2023-28461

Pending

15 Mar 2023
Published
02 Aug 2024
Updated

CVSS
Pending
EPSS
0.32%

  • 1 Post

CVE Info

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

Fediverse

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation
Analysis With The APT10 Umbrella
trendmicro.com/en_us/research/

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend
Micro has been tracking the group as Earth Kasha. We have identified a new
campaign connected to this group with significant updates to their strategy,
tactics, and arsenals.

In the new campaign starting in early 2023, Earth Kasha expanded their targets
into Japan, Taiwan, and India. Based on the bias of the incident amount, while
we believe that Japan is still the main target of Earth Kasha, we observed
that a few high-profile organizations in Taiwan and India were targeted. The
observed industries under attack are organizations related to advanced
technology and government agencies.

Earth Kasha has also employed different Tactics, Techniques, and Procedures
(TTPs) in the Initial Access phase, which now exploits public-facing
applications such as SSL-VPN and file storage services. We observed that
vulnerabilities of enterprise products, such as Array AG (CVE-2023-28461),
Proself (CVE-2023-45727) and FortiOS/FortiProxy (CVE-2023-27997), were abused
in the wild. Earth Kasha was changing these vulnerabilities to abuse from time
to time. After gaining access, they deployed several backdoors in the victim's
network to achieve persistence. These include Cobalt Strike, LODEINFO, and the
newly discovered NOOPDOOR, which we will describe later.

  • 0
  • 0
  • 17 hours ago

CVE-2023-45727

North Grid Corporation Proself Enterprise/Standard Edition

18 Oct 2023
Published
13 Sept 2024
Updated

CVSS
Pending
EPSS
0.17%

  • 1 Post

CVE Info

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Fediverse

Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation
Analysis With The APT10 Umbrella
trendmicro.com/en_us/research/

LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend
Micro has been tracking the group as Earth Kasha. We have identified a new
campaign connected to this group with significant updates to their strategy,
tactics, and arsenals.

In the new campaign starting in early 2023, Earth Kasha expanded their targets
into Japan, Taiwan, and India. Based on the bias of the incident amount, while
we believe that Japan is still the main target of Earth Kasha, we observed
that a few high-profile organizations in Taiwan and India were targeted. The
observed industries under attack are organizations related to advanced
technology and government agencies.

Earth Kasha has also employed different Tactics, Techniques, and Procedures
(TTPs) in the Initial Access phase, which now exploits public-facing
applications such as SSL-VPN and file storage services. We observed that
vulnerabilities of enterprise products, such as Array AG (CVE-2023-28461),
Proself (CVE-2023-45727) and FortiOS/FortiProxy (CVE-2023-27997), were abused
in the wild. Earth Kasha was changing these vulnerabilities to abuse from time
to time. After gaining access, they deployed several backdoors in the victim's
network to achieve persistence. These include Cobalt Strike, LODEINFO, and the
newly discovered NOOPDOOR, which we will describe later.

  • 0
  • 0
  • 17 hours ago

CVE-2024-10979

PostgreSQL

14 Nov 2024
Published
14 Nov 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Fediverse

[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 14 hours ago

CVE-2024-10977

PostgreSQL

14 Nov 2024
Published
14 Nov 2024
Updated

CVSS v3.1
LOW (3.1)
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Fediverse

[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 14 hours ago

CVE-2024-10976

PostgreSQL

14 Nov 2024
Published
14 Nov 2024
Updated

CVSS v3.1
MEDIUM (4.2)
EPSS
0.04%

  • 1 Post
  • 1 Interaction

CVE Info

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

Fediverse

[oss-security] PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

https://www.openwall.com/lists/oss-security/2024/11/16/7

CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
  • 0
  • 1
  • 14 hours ago