This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.
4139fe8722da9090b649b6c2e329d28e730741d7fd1766e8611ccc508a83a955Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.
cca5a4488ff9b7699fd1a94c08ef52f1f53425aa624700fb9ed880aa369c470eUbuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.
c4fe18ae97be2193d34a7e1f1b12596463b48313b3820550e75dc093759247baUbuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48aRed Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
760ee5b7d8e2659215b52748f1d60365ac4849df90830cfd3f71064349e878dfRed Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
02992f7c48d13d7834456c07f3822b6de0850dc4c50dc9baeb00d0d3540d8730Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.
92af62c9e4ab8b602262f8dc118f075d3342c33ab951114c5cfa8a7d29694672Ubuntu Security Notice 6668-1 - It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations.
8b976b5faa5d4b10b0fc031169e7fc9d450e6f7d3e44c15b0b2209066d59a417Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
c38f79aa1fb6858b5c05f7a4fe033ec4d8c9043ac0b28db82931dc9620b2aa19Red Hat Security Advisory 2024-0857-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7. Issues addressed include a code execution vulnerability.
477156adac9fcdf1d868e035fabb6e0d47125c4a8ed81b73a516eeb0465cc5feRed Hat Security Advisory 2024-0754-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.
73e8f56ca7554fb868a666139c8a00887803431311bd6fbf18291327741a2aefRed Hat Security Advisory 2024-0588-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
6436a3c69d590a691ed1868695481dfc85517b642342b841f4c555390078c3cfRed Hat Security Advisory 2024-0587-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a traversal vulnerability.
54f65fc64232ca26db36e6428dcbc73ae9e63ad1f8e5b0e49228842970aaa122Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.
4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562Red Hat Security Advisory 2024-0464-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.
5e2d7a5624f97d20a6d70a2a3e5fdb17bfba7509f3c18063065f005ae58cf9e0Red Hat Security Advisory 2024-0374-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a traversal vulnerability.
aca7268546fe5f209e0fa0512ae242587576a7d22a54acf950b7abcdf24acef6Red Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.
577f221d2e76f426fe238a8135c7fae4c7d1338480e41329e362e8922a5d1576Red Hat Security Advisory 2024-0300-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
4412f703d959c59aa8a60d7a59b5e7a78dd01b8efcff48d6555296c3f35bf621Red Hat Security Advisory 2024-0299-03 - An update for python-requests is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
9701ca8b572d6d25dfb6014a97a226ddccc462f28d27056943a62ff62a2e53fdRed Hat Security Advisory 2024-0214-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.
e72c9c61fc04da0c2c56bb14ee3572f7d800cb7d313211fccb50192eb1de162cRed Hat Security Advisory 2024-0213-03 - An update for python-eventlet is now available for Red Hat OpenStack Platform 17.1.
d1f3e384b799d03376bb371dd644c80c2eccaead5ca974b756548bfb06ccaa28Red Hat Security Advisory 2024-0212-03 - An update for python-django is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.
ffba3f678f0c9a7c0e730bcf38f3ecdb2dccccd53dfe2ecd2e5733d41eb5074bRed Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.
50c2f21eebdf9757eb666fbf646f7701855b330687977003cfb6ff2ba950f45cRed Hat Security Advisory 2024-0188-03 - An update for python-eventlet is now available for Red Hat OpenStack Platform 17.1.
4d73181ce669f92d18f04deb3719e9fc29537c8d53a8954684564e82ffbafd72
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed