9293 matches found

SUSE CVE
added 2023/10/31 2:49 a.m., 3 views

SUSE CVE-2015-1869

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file...

CVSS 7.8, AI score 7, EPSS 0.00414
Exploits: 0, References: 2
SUSE CVE
added 2023/10/31 2:49 a.m., 4 views

SUSE CVE-2015-3142

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application...

CVSS 4.7, AI score 6.3, EPSS 0.00348
Exploits: 0, References: 2
SUSE CVE
added 2023/10/31 2:49 a.m., 3 views

SUSE CVE-2015-3159

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges...

CVSS 7.8, AI score 6.9, EPSS 0.00392
Exploits: 0, References: 2
SUSE CVE
added 2023/10/31 2:48 a.m., 4 views

SUSE CVE-2015-5273

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...

CVSS 3.6, AI score 6.8, EPSS 0.00909
Exploits: 5, References: 2
Spring Security Advisories
added 2023/10/31 12:0 a.m., 18 views

What new is coming in reactor-core 3.6.0?

Reactor 3.6.0 is coming and going to be GA on November 14. This blogpost describes new features that are included in this upcoming release! Virtual Threads support: Today, everyone talks about Java 21 and Project Loom. The Project Reactor team hears that and sees value in that project within our...

AI score 6.9
Exploits: 0
RedhatCVE
added 2023/10/29 2:55 p.m., 44 views

CVE-2023-45803

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVSS 4.2, AI score 6.1, EPSS 0.00544
Exploits: 0, References: 6
IBM Security Bulletins
added 2023/10/26 2:34 p.m., 84 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)

Summary: IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly (CVE-2023-44487). Vulnerability Details: CVE-2023-44487. Description: Th...

CVSS 7.5, AI score 6.2, EPSS 0.99999
Exploits: 19, Affected Software: 1
Imperva Blog
added 2023/10/26 11:2 a.m., 33 views

The Haunted House of IoT: When Everyday Devices Turn Against You

In today's interconnected world, the Internet of Things (IoT) promises convenience and innovation. From smart fridges that tell you when you're out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to...

AI score 7.2
Exploits: 0
RedHat Linux
added 2023/10/23 6:39 p.m., 60 views

Important: Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update

This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 7.5, AI score 7, EPSS 0.99999
Exploits: 19, References: 3
Microsoft Malware Protection
added 2023/10/23 4:0 p.m., 16 views

Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report

We are excited to share that Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023. Microsoft received the highest possible scores in the strategy category for the vision and roadmap criteria. Forrester notes, “Microsoft’s outstanding roadmap for endpoint security...

AI score 6.6
Exploits: 0
RedHat Linux
added 2023/10/20 10:28 p.m., 4 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

CVSS 10, AI score 7, EPSS 0.95764
Exploits: 6, References: 5
RedHat Linux
added 2023/10/20 6:45 p.m., 3 views

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

CVSS 10, AI score 7.1, EPSS 0.83223
Exploits: 5, References: 5
Vulnrichment
added 2023/10/17 7:43 p.m., 25 views

CVE-2023-45803 Request body not stripped after redirect in urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

CVSS 4.2, AI score 6.6, EPSS 0.00544
Exploits: 0, References: 6
CNNVD
added 2023/10/17 12:0 a.m., 2 views

Automatic Systems SOC FL9600 FastLine Trust Management Issue Vulnerability

Automatic Systems SOC FL9600 FastLine is a device from Automatic Systems. Automatic-Systems SOC FL9600 FastLine version V06 suffers from a trust management issue vulnerability that originates from hard-coded logins and passwords containing a super administrator...

CVSS 7.5, AI score 6.9, EPSS 0.00892
Exploits: 4, References: 7
CNNVD
added 2023/10/17 12:0 a.m., 2 views

Automatic Systems SOC FL9600 FastLine Path Traversal Vulnerability

Automatic Systems SOC FL9600 FastLine is a device from Automatic Systems. A path traversal vulnerability exists in Automatic Systems SOC FL9600 FastLine version V06, which stems from a directory traversal vulnerability...

CVSS 7.5, AI score 6.9, EPSS 0.0147
Exploits: 4, References: 7
OSV
added 2023/10/13 12:15 a.m., 4 views

CVE-2023-5563

The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep in IRQ context, causing a fatal exception...

CVSS 7.5, AI score 5.5, EPSS 0.00449
Exploits: 0, References: 1
Wordfence Blog
added 2023/10/12 9:58 p.m., 48 views

WordPress 6.3.2 Security Release – What You Need to Know

WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to potentially allow site takeove...

AI score 8.1
Exploits: 0
The Hacker News
added 2023/10/12 10:29 a.m., 38 views

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is...

AI score 7.2
Exploits: 0
Microsoft Secure
added 2023/10/11 4:0 p.m., 20 views

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able to automatically disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

AI score 7.4
Exploits: 0
Microsoft KB
added 2023/10/10 7:0 a.m., 159 views

KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023

Summary: This security update contains a...

CVSS 5.5, AI score 6.8, EPSS 0.00851
Exploits: 0