UBUNTU-CVE-2021-47160

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCRMATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlanfiltering 1 ip link...

Fedora: Security Advisory (FEDORA-2024-1c5e37820f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: ceph-18.2.2-1.fc40

Ceph is a massively scalable, open-source, distributed storage system that ru ns on commodity hardware and delivers object, block and file system storage...

Distributed Cloud and Edge Computing: A Cheat Sheet for IT Leaders

...

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 3.1.1 operator/operand containers

Red Hat OpenShift distributed tracing 3.1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

Apache Dolphinscheduler Arbitrary File Read Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache Dolphinscheduler suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...

PT-2024-21066 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Distributed Engine version 8.4.3 Description: The issue allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the "/pre-authenticate",...

CVE-2024-25650

CVE-2024-25650 describes an insecure key exchange between Delinea PAM Secret Server 11.4 and Distributed Engine 8.4.3, where a PAM administrator can obtain the Symmetric Key used to encrypt RabbitMQ messages by crafting payloads to the REST endpoints “/pre-authenticate”, “/authenticate”, and “/ex...

USN-6688-1: Linux kernel (OEM) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

The vulnerability of the DSA (Distributed Switch Architecture) subsystem of the Linux operating system in the functions dsa_user_changeupper() and dsa_user_prechangeupper(), allows a attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the DSA Distributed Switch Architecture subsystem of the Linux operating system is related to memory access beyond the allocated buffer in the functions dsauserchangeupper and dsauserprechangeupper in the net/dsa/user.c module. Exploiting this vulnerability can allow an...

[SECURITY] Fedora 40 Update: testng-7.8.0-5.fc40

TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality, including flexible test configuration, and distributed test running. It is designed to cover unit tests as well as functional, end-to-end, integration, etc...

[SECURITY] Fedora 40 Update: ceph-18.2.1-10.fc40

Ceph is a massively scalable, open-source, distributed storage system that ru ns on commodity hardware and delivers object, block and file system storage...

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, "target WordPress websites from the browsers of completely innocent and...

BIT-MINIO-2023-28432 Minio Information Disclosure in Cluster Deployment

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD, resulting in information disclosure. All users of...

BIT-JUPYTERHUB-2021-41247 incomplete logout in JupyterHub

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

Fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...