546 matches found

Oracle linux
added 2024/04/23 12:0 a.m. | 69 views

java-21-openjdk security update

1:21.0.3.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.3.0.9-1 - Update to jdk-21.0.3+9 GA - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Resolves:...

CVSS 3.7 | AI score 4.2 | EPSS 0.00669
Exploits: 0

RedHat Linux
added 2024/04/10 12:21 p.m. | 56 views

Important: Red Hat Security Advisory: GitOps 1.12.1- Argo CD CLI and MicroShift GitOps security update

An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CVSS 9.8 | AI score 6.6 | EPSS 0.02176
Exploits: 2 | References: 7

RedHat Linux
added 2024/04/10 12:21 p.m. | 0 views

argo-cd: Denial of Service Due to Unsafe Array Modification in Multi-threaded Environment

A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array...

CVSS 7.5 | AI score 5.8 | EPSS 0.02176
Exploits: 1 | References: 5

RedHat Linux
added 2024/04/08 1:36 p.m. | 39 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.3 security update

An update is now available for Red Hat OpenShift GitOps v1.11.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.6 | EPSS 0.02176
Exploits: 2 | References: 8

OSV
added 2024/03/31 6:16 p.m. | 19 views

BIT-ARGO-CD-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVSS 7.5 | AI score 6 | EPSS 0.02176
Exploits: 1 | References: 6

Veracode
added 2024/03/21 6:19 p.m. | 34 views

Denial Of Service (DoS)

github.com/argoproj/argo-cd is vulnerable to Denial of Service (DoS). The vulnerability is due to unsafe manipulation of an array in a multi-threaded environment. When two threads interact with the same array simultaneously, this flaw can potentially lead to an application crash...

CVSS 7.5 | AI score 6.9 | EPSS 0.02176
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2024/03/18 8:28 p.m. | 30 views

Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Summary An attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. Details The vulnerability is rooted i...

CVSS 7.5 | AI score 7.9 | EPSS 0.02176
Exploits: 1 | References: 7 | Affected Software: 2

OSV
added 2024/03/18 8:28 p.m. | 27 views

GHSA-6V85-WR92-Q4P7 Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Summary An attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. Details The vulnerability is rooted i...

CVSS 7.5 | AI score 6.2 | EPSS 0.02176
Exploits: 1 | References: 7

RedhatCVE
added 2024/03/18 7:53 p.m. | 58 views

CVE-2024-21661

A flaw was found in Argo CD that may result in a remote denial of service. The expireOldFailedAttempts function modifies an array while it is being iterated over. This issue may cause an application crash when executed in a multi-threaded environment if two threads interact with the same array...

CVSS 7.5 | AI score 7.4 | EPSS 0.02176
Exploits: 1 | References: 4

Cvelist
added 2024/03/18 6:32 p.m. | 24 views

CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.02176
Exploits: 1 | References: 5

Vulnrichment
added 2024/03/18 6:32 p.m. | 20 views

CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVSS 7.5 | AI score 6.5 | EPSS 0.02176
Exploits: 1 | References: 5

OSV
added 2024/03/18 6:32 p.m. | 25 views

CVE-2024-21661 Argo CD Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

CVSS 7.5 | AI score 6.3 | EPSS 0.02176
Exploits: 1 | References: 7

OSV
added 2024/03/18 5:21 p.m. | 22 views

GHSA-X32M-MVFJ-52XV Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

Summary An attacker can exploit a chain of vulnerabilities, including a Denial of Service DoS flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of...

CVSS 9.8 | AI score 7.3 | EPSS 0.00403
Exploits: 2 | References: 7

Github Security Blog
added 2024/03/18 5:21 p.m. | 32 views

Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

Summary An attacker can exploit a chain of vulnerabilities, including a Denial of Service DoS flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of...

CVSS 9.8 | AI score 7.1 | EPSS 0.00077
Exploits: 0 | References: 7 | Affected Software: 1

CNNVD
added 2024/03/18 12:0 a.m. | 1 views

Argo CD Security Vulnerability

Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g. configuration in the Git repository, automatically synchronizing and deploying...

CVSS 7.5 | AI score 6.6 | EPSS 0.02176
Exploits: 1 | References: 7

GithubExploit
added 2024/03/15 12:3 p.m. | 438 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208 - Mirth Connect Remote Code Execution RCE Exp...

CVSS 9.8 | AI score 10 | EPSS 0.94416
Exploits: 22

OpenVAS
added 2024/03/08 12:0 a.m. | 18 views

Fedora: Security Advisory for frysk (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.45835
Exploits: 3 | References: 2

Fedora
added 2024/03/07 10:33 p.m. | 16 views

[SECURITY] Fedora 40 Update: frysk-0.4-94.fc40

Frysk is an execution-analysis technology implemented using native Java and C++. It is aimed at providing developers and sysadmins with the ability to both examine and analyze running multi-host, multi-process, multi-threaded systems. Frysk allows the monitoring of running processes and threads, ...

CVSS 8.8 | AI score 6.8 | EPSS 0.45835
Exploits: 3

Tenable Nessus
added 2024/02/29 12:0 a.m. | 21 views

CentOS 9 : libnbd-1.12.6-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libnbd-1.12.6-1.el9 build changelog. - A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly...

CVSS 4.8 | AI score 6.3 | EPSS 0.00091
Exploits: 1 | References: 2

Tenable Nessus
added 2024/02/29 12:0 a.m. | 31 views

CentOS 9 : libnbd-1.12.5-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libnbd-1.12.5-1.el9 build changelog. - A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly...

CVSS 4.8 | AI score 6.3 | EPSS 0.00091
Exploits: 1 | References: 2