Lucene search

4407 matches found

OSV
added 2024/11/05 10:10 a.m., 5 views

CLSA-2024-1730801437 openssl: Fix of CVE-2024-5535

CVE-2024-5535: Validate provided client list in ssl/ssl_lib.c. Clarify SSL_select_next_proto documentation...

CVSS 9.1, AI score 7, EPSS 0.05582
Exploits 1, References 1

Citrix
added 2024/11/02 12:0 a.m., 10 views

New Teams Deployment Guidance for App Layering or User Personalization Layer(UPL)

Microsoft Teams 2.x has changed its installation method and now installs under C:\Program Files\WindowsApps. Based on those changes, this article provides the specific steps for deploying Teams 2.x in an App Layering (AL) or User Personalization Layer (UPL) environment. For the most current...

AI score 7.1
Exploits 0

RedHat Linux
added 2024/10/29 6:1 p.m., 36 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.3 security update

Red Hat OpenShift Container Platform release 4.17.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 6.5, AI score 6.8, EPSS 0.01345
Exploits 0, References 2

Circl
added 2024/10/28 9:39 p.m., 7 views

CVE-2024-44144

creationtimestamp| type| source ---|---|--- 2024-10-28 21:39:15+00:00| seen| None...

CVSS 5.5, AI score 6.8, EPSS 0.00301
Exploits 0

Fedora
added 2024/10/26 3:2 a.m., 9 views

[SECURITY] Fedora 41 Update: libdigidocpp-4.0.0-1.fc41

Libdigidocpp library offers creating, signing and verification of digitally signed documents, according to XAdES and XML-DSIG standards. Documentation http://open-eid.github.io/libdigidocpp...

AI score 7.3
Exploits 0

Rapid7 Blog
added 2024/10/25 7:34 p.m., 45 views

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...

CVSS 9.8, AI score 9.6, EPSS 0.99994
Exploits 38

Tenable Nessus
added 2024/10/25 12:0 a.m., 6 views

NuGet Package 'Betalgo.OpenAI' Detection

The remote host has a 'Betalgo.OpenAI' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

AI score 5.8
Exploits 0, References 1

OSV
added 2024/10/24 6:15 p.m., 2 views

UBUNTU-CVE-2024-46478

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681...

CVSS 9.8, AI score 6.1, EPSS 0.00682
Exploits 1, References 3

Tenable Nessus
added 2024/10/23 12:0 a.m., 18 views

Cisco NX-OS Improper Isolation or Compartmentalization (CVE-2024-20285)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 6.2, EPSS 0.00194
Exploits 0, References 3

Tenable Nessus
added 2024/10/21 12:0 a.m., 16 views

Cisco NX-OS Protection Mechanism Failure (CVE-2024-20284)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of...

CVSS 8.8, AI score 6.2, EPSS 0.00194
Exploits 0, References 3

Oracle linux
added 2024/10/20 12:0 a.m., 332 views

Unbreakable Enterprise kernel security update

5.15.0-301.163.5.2 - mm: avoid leaving partial pfn mappings around in error case Linus Torvalds Orabug: 37174198 CVE-2024-47674 - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' Dave Kleikamp Orabug: 37144820 - Revert 'irqchip/gic-v3: Move partitioncreatedes...

CVSS 7.8, AI score 7.9, EPSS 0.00259
Exploits 0

Fedora
added 2024/10/19 10:49 p.m., 30 views

[SECURITY] Fedora 41 Update: containers-common-0.60.4-4.fc41

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...

CVSS 8.2, AI score 7.3, EPSS 0.01345
Exploits 0

Fedora
added 2024/10/19 1:54 a.m., 9 views

[SECURITY] Fedora 40 Update: libdigidocpp-4.0.0-1.fc40

Libdigidocpp library offers creating, signing and verification of digitally signed documents, according to XAdES and XML-DSIG standards. Documentation http://open-eid.github.io/libdigidocpp...

AI score 7.3
Exploits 0

Tenable Nessus
added 2024/10/17 12:0 a.m., 34 views

Oracle Linux 9 : kernel (ELSA-2024-8162)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8162 advisory. - gfs2: Fix NULL pointer dereference in gfs2logflush CKI Backport Bot RHEL-51561 RHEL-51559 CVE-2024-42079 - KVM: SVM: WARN on vNMI + NMI window iff NM...

CVSS 7.8, AI score 7, EPSS 0.00546
Exploits 0, References 15

OSSF Malicious Packages
added 2024/10/16 12:40 p.m., 4 views

Malicious code in coinbase-smart-wallet-documentation (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSV
added 2024/10/16 12:40 p.m., 3 views

MAL-2024-9560 Malicious code in coinbase-smart-wallet-documentation (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

RedHat Linux
added 2024/10/11 1:43 a.m., 25 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.3 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.1, AI score 6.9, EPSS 0.00617
Exploits 2, References 5

Circl
added 2024/10/08 5:54 p.m., 10 views

CVE-2024-43506

creationtimestamp| type| source ---|---|--- 2024-10-08 17:54:47+00:00| seen| https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review...

CVSS 7.5, AI score 8.7, EPSS 0.02269
Exploits 0, References 1

Talos
added 2024/10/03 12:0 a.m., 24 views

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2068 GNOME Project G Structured File Library libgsf Compound Document Binary File Directory integer overflow vulnerability October 3, 2024 CVE Number CVE-2024-36474 SUMMARY An integer overflow vulnerability exists in the Compound Document Binary File format...

CVSS 8.4, AI score 7.8, EPSS 0.00402
Exploits 0

OSV
added 2024/09/25 6:21 p.m., 24 views

GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql

Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...

CVSS 4.8, AI score 6, EPSS 0.00223
Exploits 0, References 6