Overview

  • Liferay
  • Portal

Published: 09 Aug 2025
Updated: 11 Aug 2025

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.09%

KEV

Description

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems

A vulnerability, tracked as CVE-2025-61757, was made public by Searchlight Cyber last Thursday. The company's researchers identified the problem and informed Oracle, which led to its disclosure.

Oracle fixed CVE-2025-61757 with its October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication.

The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager. The exploit, which chains an authentication bypass vulnerability with arbitrary code execution, can allow an attacker to fully compromise the system.

Searchlight Cyber warned on Thursday that the vulnerability can “allow attackers to manipulate authentication flows, escalate privileges, and move laterally across an organization's core systems”, stressing that it can “lead to the breach of servers that handle personally identifiable information (PII) and user credentials”.

“There are several IPs actively scanning for the bug, but they all use the same user agent, which suggests we may be dealing with a single attacker,” Ullrich explained. “Unfortunately, we did not capture the bodies for these requests, but they were all POST requests,” he added.

The SANS Technology Institute used the technical information and PoC code made public by Searchlight on Thursday to check its honeypot logs for signs of potential exploitation.

According to Johannes Ullrich of SANS, possible cases of exploitation were observed several times between August 30 and September 9, weeks before Oracle released a patch.

The expert said that the same IP addresses had previously been seen scanning the web for a vulnerability in the Liferay product (CVE-2025-4581) and conducting scans that appear to be associated with bug bounties.

The article "Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems" comes from Red Hot Cyber.

  • 1h ago

Overview

  • Linux
  • Linux

Published: 17 Apr 2024
Updated: 04 May 2025

CVSS: Pending
EPSS: 0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free

A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral.

This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s.

Specifically, the dp-hpd bridge is currently registered before all resources have been acquired which means that it can also be deregistered on probe deferrals.

In the meantime there is a race window where the new aux bridge driver (or PHY driver previously) may have looked up the dp-hpd bridge and stored a (non-reference-counted) pointer to the bridge which is about to be deallocated.

When the display controller is later initialised, this triggers a use-after-free when attaching the bridges:

    dp -> aux -> dp-hpd (freed)

which may, for example, result in the freed bridge failing to attach:

    [drm:drm_bridge_attach [drm]] *ERROR* failed to attach bridge /soc@0/phy@88eb000 to encoder TMDS-31: -16

or a NULL-pointer dereference:

    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    ...
    Call trace:
      drm_bridge_attach+0x70/0x1a8 [drm]
      drm_aux_bridge_attach+0x24/0x38 [aux_bridge]
      drm_bridge_attach+0x80/0x1a8 [drm]
      dp_bridge_init+0xa8/0x15c [msm]
      msm_dp_modeset_init+0x28/0xc4 [msm]

The DRM bridge implementation is clearly fragile and implicitly built on the assumption that bridges may never go away. In this case, the fix is to move the bridge registration in the pmic_glink_altmode driver to after all resources have been looked up.

Incidentally, with the new dp-hpd bridge implementation, which registers child devices, this is also a requirement due to a long-standing issue in driver core that can otherwise lead to a probe deferral loop (see commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")).

[DB: slightly fixed commit message by adding the word 'commit']

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Deep Dive: #Ubuntu USN-7879-1 | Linux Kernel Netfilter Vulnerabilities Just published a technical analysis of the critical CVE-2024-1086 (use-after-free) and CVE-2024-26909 patches. Read more: 👉 tinyurl.com/yvce6vvt #Security
  • 13h ago

Overview

  • OpenPrinting
  • libcupsfilters

Published: 12 Nov 2025
Updated: 12 Nov 2025

CVSS v3.1: LOW (3.7)
EPSS: 0.04%

KEV

Description

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libcupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out-of-bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. They must choose a printer configuration under which the `imagetoraster` filter or its C-function equivalent `cfFilterImageToRaster()` gets invoked. The vulnerability exists in both CUPS-Filters 1.x and the successor library libcupsfilters (CUPS-Filters 2.x). In CUPS-Filters 2.x, the vulnerable function is `_cfImageReadTIFF()` in libcupsfilters. When this function is invoked as part of `cfFilterImageToRaster()`, the caller passes a look-up table during whose processing the out-of-bounds memory access happens. In CUPS-Filters 1.x, the equivalent functions are all found in the cups-filters repository, which is not split into subprojects yet, and the vulnerable code is in `_cupsImageReadTIFF()`, which is called through `cupsImageOpen()` from the `imagetoraster` tool. A patch is available in commit b69dfacec7f176281782e2f7ac44f04bf9633cfa.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

#Ubuntu Security Alert: libcupsfilters vulnerabilities CVE-2025-57812 and CVE-2025-64503. Read more: 👉 tinyurl.com/yz3cd38s #Security
  • 23h ago

Overview

  • Google
  • Chrome

Published: 17 Nov 2025
Updated: 18 Nov 2025

CVSS: Pending
EPSS: 0.08%

KEV

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts

Last activity: 21 hours ago

Bluesky

🚨 Important Security Alert for #openSUSE Users 🚨 A mandatory Chromium update is available to address critical type confusion bugs in the V8 JavaScript engine (CVE-2025-13223 & CVE-2025-13224). These flaws could allow remote code execution. Read more: 👉 tinyurl.com/vkcekvuv #Security
  • 22h ago
🔐 Critical #openSUSE Chromium Patch Alert The latest Chromium update for openSUSE addresses two significant vulnerabilities: CVE-2025-13223 and CVE-2025-13224. Read more: 👉 tinyurl.com/3j8sbr3x #Security
  • 21h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 7 hours ago

Fediverse

libpng 1.6.51 has been released. This version fixes 4 vulnerabilities:

- CVE-2025-64505 (moderate severity): Heap buffer overflow in png_do_quantize() via malformed palette index
- CVE-2025-64506 (moderate severity): Heap buffer over-read in png_write_image_8bit() with 8-bit input and convert_to_8bit enabled
- CVE-2025-64720 (high severity): Buffer overflow in png_image_read_composite() via incorrect palette premultiplication
- CVE-2025-65018 (high severity): Heap buffer overflow in png_combine_row() triggered via png_image_finish_read()

Out of these, CVE-2025-65018 may lead to RCE in certain heap configurations; the other ones are infoleaks / denial of service.

  • 7h ago
