The vulnerability of the SuiteLink server for AVEVA Historian, InTouch, Application Server, Communication Drivers Pack, and Batch Management products allows a hacker to cause service interruptions.
The vulnerability of the SuiteLink server for AVEVA Historian, InTouch, Application Server, Communication Drivers Pack, and Batch Management products is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotel...
PT-2024-8899 · Intel · Intel Distribution For Gdb
Name of the Vulnerable Software and Affected Versions: Intel(R) Distribution for GDB versions prior to 2024.0.1. Description: The issue is related to incorrect default permissions in the Intel(R) Distribution for GDB software. This may allow an authenticated user to potentially enable escalation of...
PT-2024-7930 · Intel · Intel Distribution For Gdb
Name of the Vulnerable Software and Affected Versions: Intel(R) Distribution for GDB software versions prior to 2024.0.1. Description: The issue is related to an uncontrolled search path in the Intel(R) Distribution for GDB software, which may allow an authenticated user to potentially enable escalati...
ALSA-2024:5312 Moderate: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to github.com/docker/distribution (CVE-2023-2253)
Summary: Go module github.com/docker/distribution is used by IBM Cloud Pak for Data. CVE-2023-2253. Vulnerability Details: CVEID: CVE-2023-2253. DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/catalog endpoint. By sending a specially...
[SECURITY] [DSA 5743-1] roundcube security update
Debian Security Advisory DSA-5743-1 https://www.debian.org/security/ Moritz Muehlenhoff August 08, 2024 https://www.debian.org/security/faq ...
[SECURITY] Fedora 40 Update: python-setuptools-69.0.3-4.fc40
Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that...
Debian dsa-5743 : roundcube - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5743 advisory. Debian Security Advisory DSA-5743-1 https://www.debian.org/securit...
Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
The Opigno group manager project is related to the Opigno LMS distribution. It allows building the contents of learning paths by combining modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next. An administrati...
RHEL 8 : python-setuptools (RHSA-2024:5000)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5000 advisory. The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of...
[SECURITY] [DSA 5735-1] chromium security update
Debian Security Advisory DSA-5735-1 https://www.debian.org/security/ Andres Salomon July 31, 2024 https://www.debian.org/security/faq ...
Threat actor impersonates Google via fake ad for Authenticator
We have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it als...
'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread
A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service (DaaS) that propagates a variety of information-stealing malware, netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000...
[SECURITY] [DSA 5734-2] bind9 regression update
Debian Security Advisory DSA-5734-2 https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2024 https://www.debian.org/security/faq ...
CVE-2024-7057
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...
CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
org.apache.pinot:pinot-compatibility-verifier (=0.10.0), org.apache.pinot:pinot-distribution (>=0.1.0 <=0.10.0) +7 more potentially affected by CVE-2024-39676 via org.apache.pinot:pinot-controller (>=0.10.0 <=0.9.3)
org.apache.pinot:pinot-controller MAVEN version =0.10.0, =0.1.0, =0.11.0, =0.9.0, =0.1.0, =0.8.0, =0.8.0, =0.1.0, =0.1.0, =0.10.0 Source cves: CVE-2024-39676 Source advisory: OSV:GHSA-8GJ9-R4HV-3JJW...
How to Securely Onboard New Employees Without Sharing Temporary Passwords
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing...
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking
[Image: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user] A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the...
[SECURITY] [DSA 5733-1] thunderbird security update
Debian Security Advisory DSA-5733-1 https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2024 https://www.debian.org/security/faq ...