Lucene search

2746 matches found

CISA
added 2024/04/11 12:0 p.m. · 11 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3272: D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability. CVE-2024-3273: D-Link Multiple NAS Devices Command Injection Vulnerability. These...

10 CVSS · 7.5 AI score · 0.99997 EPSS
In wild · Exploits 10 · References 7

Positive Technologies
added 2024/04/08 12:0 a.m. · 7 views

PT-2024-21355 · Unknown · Recrystallize Server

Name of the Vulnerable Software and Affected Versions: ReCrystallize Server version 5.10.0.0. Description: The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within...

7.5 CVSS · 7.3 AI score · 0.49322 EPSS
Exploits 0 · References 8

The Hacker News
added 2024/04/03 1:7 p.m. · 25 views

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an op...

7.2 AI score
Exploits 0

RedHat Linux
added 2024/03/18 9:47 a.m. · 10 views

keycloak: XSS via assertion consumer service URL in SAML POST-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service (ACS) POST Binding URLs, posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with...

6 CVSS · 5.9 AI score · 0.00711 EPSS
Exploits 0 · References 4

Veracode
added 2024/03/18 8:35 a.m. · 41 views

Server-Side Request Forgery (SSRF)

org.apache.cxf, cxf-rt-databinding-aegis is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL sanitisation which allows an attacker to perform SSRF attacks on web services that take at least one parameter of any type. Users of other data bindings, including the...

9.3 CVSS · 6.9 AI score · 0.05849 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2024/03/15 7:4 p.m. · 9 views

CVE-2024-28252 CoreWCF NetFraming based services can leave connections open when they should be closed

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can...

7.5 CVSS · 7.1 AI score · 0.00579 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/03/15 12:0 a.m. · 7 views

PT-2024-22368 · Corewcf · Corewcf

Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2; CoreWCF versions prior to 1.5.2. Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...

7.5 CVSS · 7.1 AI score · 0.00579 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2024/03/14 12:0 a.m. · 4 views

The vulnerability of the onNullBinding function in the TileLifecycleManager.java file of the Android operating system allows a hacker to escalate their privileges.

The vulnerability of the onNullBinding function in the TileLifecycleManager.java file of the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8 CVSS · 5.5 AI score · 0.00119 EPSS
Exploits 0 · References 4 · Affected Software 1

SUSE CVE
added 2024/03/13 4:22 a.m. · 2 views

SUSE CVE-2024-26620

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix. The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

7.7 CVSS · 6 AI score · 0.0095 EPSS
Exploits 0 · References 11

OSV
added 2024/03/11 6:15 p.m. · 3 views

UBUNTU-CVE-2024-26620

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix. The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

7.5 CVSS · 6.1 AI score · 0.0095 EPSS
Exploits 0 · References 15

OpenVAS
added 2024/03/08 12:0 a.m. · 19 views

Fedora: Security Advisory for mecab-java (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 14 views

Fedora: Security Advisory for jaxb-api (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 14 views

Fedora: Security Advisory for jackson-annotations (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 15 views

Fedora: Security Advisory for sdljava (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

OpenVAS
added 2024/03/08 12:0 a.m. · 18 views

Fedora: Security Advisory for jaxb-api2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3 · References 2

Fedora
added 2024/03/07 10:33 p.m. · 26 views

[SECURITY] Fedora 40 Update: mecab-java-0.996-8.fc40

Java binding for MeCab...

8.8 CVSS · 6.9 AI score · 0.02557 EPSS
Exploits 3

Fedora
added 2024/03/07 10:33 p.m. · 24 views

[SECURITY] Fedora 40 Update: jaxb-api-4.0.1-5.fc40

The Jakarta XML Binding provides an API and tools that automate the mapping between XML documents and Java objects...

8.8 CVSS · 6.9 AI score · 0.02557 EPSS
Exploits 3

Fedora
added 2024/03/07 10:33 p.m. · 23 views

[SECURITY] Fedora 40 Update: jaxb-api2-2.3.3-10.fc40

The Jakarta XML Binding provides an API and tools that automate the mapping between XML documents and Java objects...

8.8 CVSS · 6.9 AI score · 0.02557 EPSS
Exploits 3

Fedora
added 2024/03/07 10:33 p.m. · 21 views

[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

8.8 CVSS · 9.2 AI score · 0.02557 EPSS
Exploits 3

Fedora
added 2024/03/07 10:33 p.m. · 19 views

[SECURITY] Fedora 40 Update: jackson-annotations-2.16.1-3.fc40

Core annotations used for value types, used by Jackson data-binding package...

8.8 CVSS · 6.9 AI score · 0.02557 EPSS
Exploits 3