271 matches found
fence-agents security and bug fix update
4.2.1-129 - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-22174 4.2.1-127 - fencescsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 - fencezvmip:...
May 7, 2024, update for Outlook 2016 (KB5002593)
May 7, 2024, update for Outlook 2016 KB5002593 This article describes update 5002593 for Microsoft Outlook 2016 that was released on May 7, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...
Pouring Acid Rain
Pouring Acid Rain By Trellix · April 30, 2024 This blog was written by Max Kersten In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. The...
The vulnerability of the PAN-OS operating system, related to the occurrence of interpretation conflicts, allows attackers to disrupt the decoding process of traffic.
The vulnerability of the PAN-OS operating system is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disrupt the traffic decryption process...
Rockwell Automation Arena Simulation Software 缓冲区错误漏洞
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A heap buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to...
The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications, related to interpretation conflicts, allows attackers to bypass authentication procedures.
The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures using a specially crafted HTTP reques...
Denial Of Service (DOS)
github.com/stacklok/minder is vulnerable to Denial-of-service. The vulnerability due to improper validation of repository IDs during registration. This allows an attacker to register a repository with an invalid or differing upstream ID, causing Minder to inaccurately report the repository as...
CVE-2024-27093
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...
A New Age of Hacktivism
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joini...
UBUNTU-CVE-2024-0410
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
Apache Answer 竞争条件问题漏洞
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...
The vulnerability of the Netty network programming framework arises from the existence of interpretation conflicts, which allow attackers to disclose and modify protected information.
The vulnerability of the Netty network programming framework is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a remote attacker to disclose and modify the protected information...
CISO: Top 10 Trends for 2024
I recently hosted and moderated a distinguished panel of Chief Information Security Officers CISOs - Nitin Raina, CISO at ThoughtWorks, Mike Wilkes, former CISO at Marvel and Yogesh Badwe, CSO at Druva. We discussed major trends for 2024 across an array of topics including the evolving threat...
Merge Conflicts PRs in Confluence-Distribution
Merge conflicts PRs in Confluence-Distribution after synchrony update PRs...
How to identify VRID Conflicts.
Explain VRID conflicts and how to identify them...
SUSE-SU-2023:4582-1 Security update for slurm_22_05
This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...
SUSE-SU-2023:4581-1 Security update for slurm_22_05
This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...
SUSE-SU-2023:4580-1 Security update for slurm_22_05
This update for slurm2205 fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents bsc1216207. Bug fixes: - Add missing dependencies to slurm-config to...
SUSE-SU-2023:4513-1 Security update for apache2-mod_jk
This update for apache2-modjk fixes the following issues: Update to version 1.2.49: Apache Retrieve default request id from moduniqueid. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. Don't delegate the generatation of the response body to httpd...
The vulnerability of the Suricata intrusion detection and prevention system, related to the occurrence of interpretation conflicts, allows an intruder to bypass or neutralize any signature based on the TCP protocol.
The vulnerability of the Suricata intrusion detection and prevention system is related to the occurrence of interpretation conflicts. Exploiting this vulnerability allows a remote attacker to bypass or neutralize any TCP-based signature, by intercepting the TCP segment...