[SECURITY] Fedora 41 Update: clamav-1.0.7-1.fc41

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

...

Smart home security advice. Ring, SimpliSafe, Swann, and Yale

Introduction This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you're looking to monitor your property remotely, enhance your home's security, or see who’s at the front door, this guide will provide you with valuable insights. We have...

Fedora: Security Advisory (FEDORA-2023-3256575fc8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-1bbea3700b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)

Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework library that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker...

WordPress Plugin Automatic Config Change To Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Plugin Automatic Config Change to RCE', 'Description' = %q This module exploits an unauthenticated arbitrary wordpress options change...

HTTP Client Automatic Exploiter 2 (Browser Autopwn)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HTTP Client Automatic Exploiter 2 Browser Autopwn", 'Description' = %q This module will automatically serve browser exploits. Here are the option...

gnome-shell: code execution in portal helper

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

SUSE CVE-2024-42129

In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devmmutexinit for mutex initialization In this driver LEDs are registered using devmledclassdevregister so they are automatically unregistered after module's remove is done. ledclassdevunregister calls module's...

PT-2024-38370 · Forip Tecnologia · Forip Tecnologia Administração Pabx

Name of the Vulnerable Software and Affected Versions: ForIP Tecnologia Administração PABX versions 1.x Description: A critical issue affects some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the user argument leads to SQL injection...

UBUNTU-CVE-2024-42128

In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devmmutexinit for mutex initialization In this driver LEDs are registered using devmledclassdevregister so they are automatically unregistered after module's remove is done. ledclassdevunregister calls module'...

CVE-2024-5969

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...

CVE-2024-5969

The CVE-2024-5969 entry concerns the WordPress plugin AIomatic - Automatic AI Content Writer, affected versions up to and including 2.0.5. Multiple connected sources describe an unauthenticated arbitrary email-sending vulnerability in the aiomatic_send_email function, reachable via AJAX, allowing...

CVE-2024-0760

A flaw was found in the bind9 package, where a malicious client may send many DNS messages over the TCP protocol, leading to instabilities on the server side and potentially causing a denial of service. The server will recover automatically once the attack ceases. Mitigation Mitigation for this...

RUSTSEC-2024-0358 Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...

[SECURITY] Fedora 40 Update: suricata-7.0.6-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

How to Create a Designated Update Virtual Machine and Add a Host Connection to Hosts Node

This article explains how to create a designated Update Virtual Machine VM and add a host connection to the Hosts node. Note : This article is part 1 of the three articles on how to manage vDisk for automatic updates. 1. CTX137757 – How to Create a Designated Update Virtual machine and adding a...

How to Use Multiple Activation Key (MAK) Activation with Automatic Updates

This article describes how to use Multiple Activation Key MAK Windows OS Activation with Automatic Updates. Note: For Provisioning Server 6.x and 7.x environments, using vDisk versioning is the preferred method to update MAK-enabled image. MAK activation for Microsoft Office products isNOT...

How to Configure Automatic Virtual Disk Updates

This article contains information about how to use the Provisioning Services Automatic vDisk Update process. Background The vDisks assigned to the clients during the Automatic vDisk Update process are new versions of the vDisks currently assigned to the clients; allowing for the automatic...