2124 matches found

OSV
added 2024/04/26 11:7 a.m., 2 views

OESA-2024-1506 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other...

CVSS: 5, AI score: 7.4, EPSS: 0.00389
Exploits: 0, References: 2
OSV
added 2024/04/26 11:7 a.m., 2 views

OESA-2024-1508 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other...

CVSS: 5, AI score: 7.4, EPSS: 0.00389
Exploits: 0, References: 2
OSV
added 2024/04/26 11:7 a.m., 3 views

OESA-2024-1507 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other...

CVSS: 5, AI score: 7.4, EPSS: 0.00389
Exploits: 0, References: 2
OSV
added 2024/04/24 5:2 p.m., 56 views

GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

Impact: The TinyMCE Bundle uses tinymce version 6.7.3. CVEs for this version exist for 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches: The package should be updated to at least 6.8.1 to avoid XSS vulnerability. Workarounds: Upgrade...

CVSS: 6.1, AI score: 4.6
Exploits: 0, References: 2
OSV
added 2024/04/19 11:7 a.m., 2 views

OESA-2024-1470 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other...

CVSS: 5, AI score: 7.4, EPSS: 0.00389
Exploits: 0, References: 2
RedHat Linux
added 2024/04/18 2:25 a.m., 3 views

gnutls: potential crash during chain building/verification

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS: 5, AI score: 7.2, EPSS: 0.00389
Exploits: 0, References: 5
OSV
added 2024/04/15 4:37 p.m., 5 views

USN-6733-1 gnutls28 vulnerabilities

It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2024-28834) It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker cou...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00718
Exploits: 0, References: 3
Veracode
added 2024/04/15 6:45 a.m., 21 views

SQL Injection

mautic/core is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input within the Reports bundle. An attacker can retrieve and alter sensitive data, including login credentials, and depending on database permissions, manipulate file systems by injecti...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00576
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2024/04/15 12:0 a.m., 30 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GnuTLS vulnerabilities (USN-6733-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-1 advisory. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly us...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00718
Exploits: 0, References: 3
Positive Technologies
added 2024/04/12 12:0 a.m., 3 views

PT-2024-11537 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12 Mautic versions prior to 5.0.4 Description: The issue affects logged in users of Mautic, making them vulnerable to an SQL injection vulnerability in the Reports bundle. This vulnerability allows an attacker to...

CVSS: 7.2, AI score: 8, EPSS: 0.00576
Exploits: 0, References: 9
OSV
added 2024/04/11 6:18 p.m., 6 views

USN-6727-2 nss regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

AI score: 5.8
Exploits: 0, References: 2
OSV
added 2024/04/10 1:40 p.m., 4 views

USN-6727-1 nss vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-4421) It was discovered that NSS had a timin...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00816
Exploits: 0, References: 4
Veracode
added 2024/04/10 7:57 a.m., 19 views

Tag Injection

contao/core-bundle is vulnerable to Tag Injection. The vulnerability is due to insufficient validation within SimpleTokenParser.php, allowing malicious users to inject tags via the form generator in frontend forms if the output is structured in a specific way...

CVSS: 5.4, AI score: 6.9, EPSS: 0.00497
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2024/04/10 7:40 a.m., 24 views

CSS Injection

contao/comments-bundle is vulnerable to CSS Injection. The vulnerability is due to insufficient input validation and sanitization within the BBCode parsing mechanism in Comments.php, allowing attackers to inject CSS styles via comments...

CVSS: 4.7, AI score: 7, EPSS: 0.00572
Exploits: 0, References: 4, Affected Software: 1
Malwarebytes
added 2024/04/07 3:58 p.m., 21 views

60% of small businesses are concerned about cybersecurity threats

According to a recent poll by the US Chamber of Commerce, 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about...

AI score: 7.4
Exploits: 0
RedHat Linux
added 2024/03/28 8:50 p.m., 41 views

Important: Red Hat Security Advisory: ACS 4.4 enhancement and security update

Important: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities...

CVSS: 9.1, AI score: 6.6, EPSS: 0.01956
Exploits: 1, References: 5
OSV
added 2024/03/27 12:15 a.m., 1 view

CVE-2024-2209

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution...

CVSS: 6.3, AI score: 6, EPSS: 0.00211
Exploits: 0, References: 1
OSV
added 2024/03/21 6:15 a.m., 4 views

AZL-37108 CVE-2024-28835 affecting package gnutls for versions less than 3.8.3-2

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS: 5, AI score: 6.5, EPSS: 0.00389
Exploits: 0, References: 1
OSV
added 2024/03/21 6:15 a.m., 1 view

ALPINE-CVE-2024-28835

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS: 5, AI score: 6.8, EPSS: 0.00389
Exploits: 0, References: 1
OSV
added 2024/03/21 6:15 a.m., 1 view

DEBIAN-CVE-2024-28835

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS: 5, AI score: 5.8, EPSS: 0.00389
Exploits: 0, References: 1