A patched Windows attack surface is still exploitable

On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege EoP, which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of th...

Quarkus Information Disclosure Vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications. An information disclosure vulnerability exists in Quarkus that stems from the presence of an information disclosure vulnerability...

Fedora: Security Advisory for nekohtml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for tomcat-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for jansi-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for maven-native (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: tomcat-native-1.2.36-4.fc40

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

[SECURITY] Fedora 40 Update: nekohtml-1.9.22-26.fc40

NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. The parser can scan HTML files and "fix up" many common mistakes that human and computer authors make in writing HTML documents...

[SECURITY] Fedora 40 Update: maven-native-1.0-0.18.alpha.11.fc40

Maven Native - compile C and C++ source under Maven with compilers such as GCC, MSVC, GCJ etc...

[SECURITY] Fedora 40 Update: jss-5.5.0-1.fc40.1

Java Security Services JSS is a java native interface which provides a brid ge for java-based applications to use native Network Security Services NSS. This only works with gcj. Other JREs require that JCE providers be signed...

[SECURITY] Fedora 40 Update: jni-inchi-0.8-11.fc40

JNI-InChI enables Java software to generate IUPAC's International Chemical Identifiers InChIs by making Java Native Interface JNI calls to the InChI C library developed by IUPAC. All of the features from the InChI library are supported: - Standard and Non-Standard InChI generation from structures...

[SECURITY] Fedora 40 Update: jna-5.14.0-4.fc40

JNA provides Java programs easy access to native shared libraries DLLs on Windows without writing anything but Java code. JNA's design aims to provide native access in a natural way with a minimum of effort. No boilerplate or generated code is required. While some attention is paid to performance...

[SECURITY] Fedora 40 Update: jansi-native-1.8-18.fc40

Jansi is a small java library that allows you to use ANSI escape sequences in your Java console applications. It implements ANSI support on platforms which don't support it like Windows and provides graceful degradation for when output is being sent to output devices which cannot support ANSI...

[SECURITY] Fedora 40 Update: hawtjni-1.18-12.fc40

HawtJNI is a code generator that produces the JNI code needed to implement java native methods. It is based on the jnigen code generator that is part of the SWT Tools project which is used to generate all the JNI code which powers the eclipse platform...

CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

Wiz becomes the first CNAPP to provide native security to Akamai Linode Cloud

Wiz customers can now secure everything they build and run on Akamai Linode Cloud, providing organizations the broadest cloud coverage out of any CNAPP...

BIT-PYTHON-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4, and 3.9 through 3.9.0 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading after...

BIT-ENVOY-2021-29492 Bypass of path matching rules using escaped slash characters

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...

BIT-ENVOY-2021-43825 Use-after-free in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...

BIT-ENVOY-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised...