
7762 matches found

RedHat Linux
added 2024/10/10 4:53 p.m. · 28 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.6.3 security updates

Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1 CVSS · 6.6 AI score · 0.00612 EPSS
Exploits 2 · References 4
Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-6791 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to the distribution of resources without limits and regulation in the Windows Hyper-V system, allowing a remote attacker to cause a denial of service. This can...

7.8 CVSS · 6.7 AI score · 0.02279 EPSS
Exploits 0 · References 7
Debian
added 2024/10/05 7:36 p.m. · 7 views

[SECURITY] [DSA 5786-1] libgsf security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5786-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2024 https://www.debian.org/security/faq -...

8.4 CVSS · 7.4 AI score · 0.00457 EPSS
Exploits 0
Securelist
added 2024/10/04 8:0 a.m. · 11 views

Scam Information and Event Management

While trying to deliver malware on victims' devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims' devices without user consent; they'...

7.9 AI score
Exploits 0
Tenable Nessus
added 2024/10/04 12:0 a.m. · 15 views

Debian dsa-5783 : firefox-esr - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5783 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5783-1 [email protected] https://www.debian.org/securit...

9.8 CVSS · 8.4 AI score · 0.00738 EPSS
Exploits 0 · References 10
Talos Blog
added 2024/10/03 10:0 a.m. · 17 views

Threat actor believed to be spreading new MedusaLocker variant since 2022

Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant. Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount and countries of origin of...

7.5 AI score
Exploits 0
RedHat Linux
added 2024/10/02 6:21 p.m. · 21 views

Important: Red Hat Security Advisory: cups-filters security update

An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

9.8 CVSS · 7.2 AI score · 0.8344 EPSS
Exploits 16 · References 4
RedHat Linux
added 2024/10/02 11:38 a.m. · 16 views

Important: Red Hat Security Advisory: cups-filters security update

An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update...

9.8 CVSS · 7.2 AI score · 0.8344 EPSS
Exploits 16 · References 4
RedHat Linux
added 2024/10/02 11:35 a.m. · 30 views

Important: Red Hat Security Advisory: cups-filters security update

An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.8 CVSS · 7.2 AI score · 0.8344 EPSS
Exploits 16 · References 4
Debian
added 2024/09/29 3:18 p.m. · 11 views

[SECURITY] [DSA 5778-1] cups-filters security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5778-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2024 https://www.debian.org/security/faq -...

8.6 CVSS · 8.1 AI score · 0.8344 EPSS
Exploits 15
Debian
added 2024/09/27 4:12 p.m. · 9 views

[SECURITY] [DSA 5777-1] booth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5777-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2024 https://www.debian.org/security/faq -...

5.9 CVSS · 6.6 AI score · 0.00535 EPSS
Exploits 0
NVD
added 2024/09/19 11:15 p.m. · 17 views

CVE-2023-27584

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8 CVSS · 0.29837 EPSS
Exploits 1 · References 2
Debian
added 2024/09/19 6:55 p.m. · 18 views

[SECURITY] [DSA 5773-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5773-1 [email protected] https://www.debian.org/security/ Andres Salomon September 19, 2024 https://www.debian.org/security/faq -...

8.8 CVSS · 7.5 AI score · 0.00475 EPSS
Exploits 2
BDU FSTEC
added 2024/09/18 12:0 a.m. · 2 views

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP allows a perpetrator to cause service failures.

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow a malicious actor to cause...

7.8 CVSS · 7.1 AI score · 0.00954 EPSS
Exploits 0 · References 4 · Affected Software 22
UbuntuCve
added 2024/09/16 10:15 p.m. · 14 views

CVE-2024-6685

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...

4.3 CVSS · 5.8 AI score · 0.00362 EPSS
Exploits 0 · References 3
Fedora
added 2024/09/15 2:27 a.m. · 13 views

[SECURITY] Fedora 39 Update: flatpak-1.15.10-1.fc39

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...

10 CVSS · 7.4 AI score · 0.01283 EPSS
Exploits 1
OSV
added 2024/09/13 1:38 p.m. · 14 views

RHSA-2017:2603 Red Hat Security Advisory: docker-distribution security, bug fix, and enhancement update

Bulletin has no description...

5.3 CVSS · 7.4 AI score · 0.03192 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2024/09/13 12:0 a.m. · 2 views

The vulnerability of Nomad application orchestrators, related to improper external control of the file name or path during data loading, allows attackers to create archives that unpack files according to paths outside the expected distribution directory.

The vulnerability of Nomad application orchestrators is related to incorrect external management of filenames or file paths during data loading. Exploiting this vulnerability allows an attacker to create an archive that unpacks files using paths outside the expected distribution directory...

5.8 CVSS · 5.4 AI score · 0.00333 EPSS
Exploits 0 · References 3 · Affected Software 2
The Hacker News
added 2024/09/12 4:12 p.m. · 11 views

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023 with the goal of harvesting financial information and intercepting two-factor authentication 2FA messages. Singapore-headquartered Group-IB, which...

7 AI score
Exploits 0
OSV
added 2024/09/10 4:15 a.m. · 2 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3 CVSS · 5.8 AI score · 0.0025 EPSS
Exploits 0 · References 2