Windows Server Key Distribution Service Security Feature Bypass

...

January 9, 2024—KB5034130 (OS Build 25398.643)

January 9, 2024—KB5034130 OS Build 25398.643 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

PT-2024-1153 · Microsoft · Windows Server Key Distribution Service +1

Name of the Vulnerable Software and Affected Versions: Windows Server Key Distribution Service affected versions not specified Description: The issue is related to errors in the certificate authentication procedure of the Windows Server Key Distribution Service. It allows a remote attacker to...

Microsoft Windows Server Key Distribution Service Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Server Key Distribution Service. An attacker could exploit this vulnerability to bypass certain features. The following products and...

The vulnerability of the jackson-databind library, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the jackson-databind library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

[SECURITY] [DSA 5597-1] exim4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 04, 2024 https://www.debian.org/security/faq -...

firefox security update

115.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.6.0-1 - Update to 115.6.0 build1...

[SECURITY] [DSA 5592-1] libspreadsheet-parseexcel-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5592-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 30, 2023 https://www.debian.org/security/faq -...

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vect...

io.quarkus:quarkus-test-infinispan-client (>=2.5.0.CR1 <=3.0.0.Alpha2), org.infinispan:infinispan-distribution (>=13.0.0.Final <=14.0.24.Final) +9 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-sql (>=13.0.0.CR2 <=14.0.24.Final)

org.infinispan:infinispan-cachestore-sql MAVEN version =13.0.0.CR2, =2.5.0.CR1, =13.0.0.Final, =13.0.0.Final, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =14.0.10.Final, =13.0.0.CR2, =14.0.24.Final Source cves: CVE-2023-5384 Source advisory: OSV:GHSA-GG57-587F-H5...

Financially motivated threat actors misusing App Installer

Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme App Installer to distribute malware. In addition to ensuring that...

NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0101)

The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public...

SUSE SLES15 / openSUSE 15 Security Update : distribution (SUSE-SU-2023:4974-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4974-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

NewStart CGSL MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2023-0102)

The remote NewStart CGSL host, running version MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities: - The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/dotgsreq.c via a FAST inne...

SUSE-SU-2023:4974-1 Security update for distribution

This update for distribution fixes the following issues: distribution was updated to 2.8.3 bsc1216491: Pass BUILDTAGS argument to go build Enable Go build tags reference: replace deprecated function SplitHostname Dont parse errors as JSON unless Content-Type is set to JSON update to go 1.20.8 Set...

[SECURITY] Fedora 39 Update: python3.7-3.7.17-4.fc39

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

PT-2023-36301 · Unknown · Distribution

Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3 Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...

Flatpak: Multiple Vulnerabilities

Background Flatpak is a Linux application sandboxing and distribution framework. Description Multiple vulnerabilities have been discovered in Flatpak. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There ...

Debian: Security Advisory (DSA-5585-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Merge Conflicts PRs in Confluence-Distribution

Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...