GHSA-7MX2-7Q8P-PGMW Symfony may allow a user to switch to using another user's identity
Symfony 2.0.6 has just been released. It addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge. If you let your users update their login/username from a form, and if you are using Doctrine as a user provider, then you are vulnerable and you should upgrade...
SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2024:1845-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1845-1 advisory. Update to Java 8.0 Service Refresh 8 Fix Pack 25 bsc1223470: - CVE-2023-38264: Fixed Object Request Broker ORB denial of service...
frr security update
7.5.1-22.0.1 - Fix POSTIN scriptlet Orabug: 34712485 - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves:...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a pre-refresh issue when attaching to a file in direct write mode...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: A...
Laravel Hijacked authentication cookies vulnerability
Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This...
PT-2024-40420 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 4.1.26 Description: The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true...
CVE-2023-27321
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this...
CVE-2023-39477
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the Linux Foundation's open-source operating system. A security vulnerability exists in the Linux kernel due to a missing version of "activeio" at refresh time...
kernel: cifs: fix use-after-free bug in refresh_cache_worker()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker(). The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while the DFS cache refresher was being executed. Make DFS root sessions have the same lifetime as DFS tcons ...
GO-2024-2744 Access control change may take longer than expected in github.com/authelia/authelia/v4
If the file authentication backend is being used, the watch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to...
Tenda W15E security vulnerability
Shenzhen Jixiang Tengda Technology Co., Ltd W15E is a wireless router. A security vulnerability exists in Shenzhen Jixiang Tengda Technology Co., Ltd W15E version 15.11.0.14, which stems from a buffer overflow vulnerability in the qosGuestDownstream parameter of the guestWifiRuleRefresh method. N...
GHSA-X883-2VMG-XWF7 Authelia's Group Changes may not have the expected results (YAML file backend)
Impact Under very specific conditions, changes to a user's groups may not have the expected results. The specific conditions are: The file authentication backend is being used. The watch option is set to true. The refresh_interval is configured to a non-disabled value. The user's groups are adjusted ...
PT-2024-40005 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma affected versions not specified Description: The issue allows access to the platform despite authentication being enabled, as previously logged-in sessions remain valid. The expected behavior is that all previously connected...
CVE-2023-47622
CVE-2023-47622 affects the iTop IT service management platform. According to multiple sources, when dashlets are refreshed, an XSS vulnerability can be triggered due to inadequate input handling in the dashboard/dashlet context. The vulnerability is fixed in versions 3.0.4 and 3.1.1. Reports from...
CVE-2023-47622 iTop vulnerable to XSS vulnerability in dashlet refresh
iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1...
iTop security vulnerability
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 3.0.4 and 3.1.1 that stems from a cross-site scripting attack that may occur when the dashlet is refreshed...
CVE-2024-31205
Saleor CVE-2024-31205 describes a CSRF bypass in the refreshToken mutation on versions before fixed patches: affected are 3.10.0–3.14.63, 3.15.0–3.15.38, 3.16.0–3.16.38, 3.17.0–3.17.34, 3.18.0–3.18.30, and 3.19.0–3.19.18. An attacker could bypass CSRF validation when refreshToken is an empty stri...