7485 matches found

vulnersOsv
added 2024/08/14 6:11 p.m. | 11 views

@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @beliantech/bt-components (>=0.8.0 <=0.33.11) +103 more potentially affected by CVE-2024-43368 via trix (>=0.10.2 <=2.1.19)

trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.1.0, =0.2.0, =1.0.0, =1.1.1-beta.44 and more Source cves: CVE-2024-43368 Source advisory: OSV:GHSA-QM2Q-9F3Q-2VCV...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00487
Exploits: 0

OpenVAS
added 2024/08/13 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2024-4fcf85b0ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2

Fedora
added 2024/08/12 4:59 a.m. | 6 views

[SECURITY] Fedora 39 Update: nss-3.103.0-1.fc39

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

AI score: 7.3
Exploits: 0

IBM Security Bulletins
added 2024/08/07 6:27 a.m. | 30 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caus...

CVSS: 8.1 | AI score: 8 | EPSS: 0.03967
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/05 9:25 a.m. | 30 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Information Queue

Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ v10.0.9. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.01471
Exploits: 4 | Affected Software: 1

Pen Test Partners Blog
added 2024/08/05 5:44 a.m. | 38 views

Fuzzy matching with Ghidra BSim, a guide

TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. Rapidly identify and annotate functions from known libraries. Fuzzy matching works with unknowns, like exact library versions and compiler options. Automatically define custom variable...

AI score: 7.2
Exploits: 0

Hewlett-Packard
added 2024/08/05 12:0 a.m. | 17 views

Clariti Manager - Outdated JavaScript Libraries In-Use

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. The recommendation is to update an impacted device to firmware build 10.12.0.2100 or later. Customers can...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00262
Exploits: 0

AlpineLinux
added 2024/07/29 3:53 p.m. | 33 views

CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00926
Exploits: 2 | References: 3

IBM Security Bulletins
added 2024/07/22 3:6 p.m. | 31 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js (CVE-2024-35255, CVE-2024-37168)

Summary IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00788
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2024/07/22 2:46 p.m. | 4 views

com.aoapps:ao-appcluster-all (=2.0.1), com.aoapps:ao-appcluster-core (=2.0.1) +239 more potentially affected by CVE-2023-50868 via dnsjava:dnsjava (>=3.5.0 <=3.5.3)

dnsjava:dnsjava MAVEN version =3.5.0, =1.3.1, =1.3.1, =1.3.1, =0.3.2-patch6, =6.3.2, =1.1.1, =2.5.9, =2.5.9, =2.1.4, =2.1.4, =2.1.4, =1.0, =1.2 and more Source cves: CVE-2023-50868 Source advisory: OSV:GHSA-MMWX-RJ87-VFGR...

CVSS: 7.5 | AI score: 7 | EPSS: 0.81729
Exploits: 1

Github Security Blog
added 2024/07/22 2:33 p.m. | 18 views

DNSJava DNSSEC Bypass

Summary Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details DNS Messages are not authenticated. They do not guarantee that - received RRs are authentic - not received RRs do not exist - all or any received...

CVSS: 8.9 | AI score: 8.5 | EPSS: 0.00388
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2024/07/19 1:46 a.m. | 14 views

[SECURITY] Fedora 40 Update: dotnet6.0-6.0.132-1.fc40

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

AI score: 7.1
Exploits: 0

Vulnrichment
added 2024/07/15 7:38 p.m. | 14 views

CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.00394
Exploits: 0 | References: 2

The Hacker News
added 2024/07/11 10:12 a.m. | 17 views

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan RAT called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense...

AI score: 6.7
Exploits: 0

Fedora
added 2024/07/11 1:15 a.m. | 12 views

[SECURITY] Fedora 40 Update: dotnet8.0-8.0.105-1.fc40

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

AI score: 7.1
Exploits: 0

vulnersOsv
added 2024/07/09 1:32 p.m. | 6 views

@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +64 more potentially affected by CVE-2024-38372 via undici (>=6.14.1 <=6.19.1)

undici NPM version =6.14.1, =18.0.0, =18.0.0, =1.2.0, =0.1.0, =2.1.0, =2.3.0, =1.1.1, =19.1.0, =10.0.20, =1.0.12, =2.1.1-dev.1717589072-346d1be72, =2.4.0-dev.1717589083-346d1be72, =2.4.0-dev.1724328261-ec9080b88 - @draftbot/discord.js =14.15.3 - @draftbot/rest =2.3.0 and more Source cves:...

CVSS: 2 | AI score: 5.4 | EPSS: 0.00471
Exploits: 0

OSV
added 2024/07/01 9:50 p.m. | 15 views

GO-2024-2918 Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00788
Exploits: 0 | References: 4

Mageia
added 2024/07/01 5:53 p.m. | 15 views

Updated python-imageio packages fix security vulnerability

imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future,...

AI score: 7.5
Exploits: 0 | References: 1

Positive Technologies
added 2024/07/01 12:0 a.m. | 3 views

PT-2024-41055 · Pypi · Imageio

Name of the Vulnerable Software and Affected Versions: imageio affected versions not specified Description: The issue concerns the imageio library, which can download shared freeimage libraries from a GitHub repository. Since the code fetches directly from the master branch without verifying the...

AI score: 7.3
Exploits: 0 | References: 3

OSV
added 2024/06/28 3:28 p.m. | 11 views

GO-2024-2941 ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00788
Exploits: 0 | References: 4