2460 matches found
ALSA-2024:2160 Moderate: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...
Amazon Linux AMI : xorg-x11-server (ALAS-2024-1932)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1932 advisory. Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE:...
[SECURITY] Fedora 39 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
Moderate: Red Hat Bug Fix Advisory: Red Hat Advanced Cluster Management 2.10.2 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.10.2 is now available. Red Hat Advanced Cluster Management for Kubernetes 2.10.2 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers...
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutel...
Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization
Authored by Damon Cabanillas. Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security...
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to...
Oracle WebLogic Server Security Vulnerability in Oracle Fusion Middleware
Oracle Fusion Middleware and Oracle WebLogic Server are both products of Oracle Corporation. Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and more. Oracle WebLogic Server is an application...
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting...
OESA-2024-1423 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19330)
Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges...
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability
Talos Vulnerability Report TALOS-2023-1848: AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability. April 10, 2024. CVE Number: CVE-2024-21972. Summary: An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...
USN-6725-1: Linux kernel vulnerabilities
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly...
Unspecified Vulnerability in Apache Pulsar (CNVD-2024-24979)
Apache Pulsar is a distributed message streaming platform from the Apache Foundation (U.S.) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication with high scalability, high...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, and sensitive...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V
Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, an...
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2024-45f0a1df95)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.11.0-1.fc40
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
IBM Cloud Pak for Automation CSV Injection Vulnerability
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from International Business Machines (IBM). The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and...
Fedora: Security Advisory (FEDORA-2024-560a7aca85)
The remote host is missing an update for the...