CVE-2024-2197 Chirp Systems Chirp Access Use of Hard-coded Password

The Chirp Access app contains a hard-coded password, BEACONPASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...

CVE-2024-2197 Chirp Systems Chirp Access Use of Hard-coded Password

The Chirp Access app contains a hard-coded password, BEACONPASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...

CVE-2021-47127

In the Linux kernel, the following vulnerability has been resolved: ice: track AFXDP ZC enabled queues in bitmap Commit c7a219048e45 "ice: Remove xskbuffpool from VSI structure" silently introduced a regression and broke the Tx side of AFXDP in copy mode. xskpool on icering is set only based on t...

CLSA-2024-1710437080 bind: Fix of 2 CVEs

CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3 - Enable internal tests by default...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 PDF The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

GHSA-XP2R-G8QQ-44HH Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is...

CVE-2024-27135

A vulnerability in Apache Pulsar allows a malicious authenticated user to perform remote arbitrary code execution on Pulsar's function worker. A successful attack impacts the data integrity and confidentiality, as well as system availability. Pulsar broker is also susceptible to this attack when...

RLSA-2024:0786 Moderate: nss security update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: vulnerable to Minerva side-channel information leak CVE-2023-6135 For more details about the security issues, including t...

March 12, 2024—KB5035885 (Monthly Rollup)

March 12, 2024—KB5035885 Monthly Rollup IMPORTANT If you plan to install this update on a domain controller DC, we highly recommend that you install update KB5037426 instead March 22, 2024. This out-of-band update addresses a known issue that affects the Local Security Authority Subsystem Service...

March 12, 2024—KB5035930 (Monthly Rollup)

March 12, 2024—KB5035930 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...

PT-2024-2609 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.4.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to...

PT-2024-2611 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.10.6 Apache Pulsar versions prior to 2.11.4 Apache Pulsar versions prior to 3.0.3 Apache Pulsar versions prior to 3.1.3 Apache Pulsar versions prior to 3.2.1 Description: The issue is related to the Pulsar...

CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

BIT-MONGODB-2021-32037 User may trigger invariant when allowed to send commands directly to shards

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shar...

AZL-55463 CVE-2022-48628 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice DoJ on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including th...

CVE-2021-47025

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtkiommuruntimeresume always enable the clk, even if m4udom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning: 1.586104...

CVE-2021-46918

A flaw was found in the Linux Kernel. The current code leaves the MSIX enabled and the pasid entries still programmed at device shutdown. Add disabling/clearing of MSIX permission entries on device shutdown to mirror the enabling of the MSIX entries on probe...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from allowing the WQ size to be changed when the device is enabled but WQ is disabled...