CVE-2024-47984

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention ...

HUAWEI HarmonyOS和EMUI 安全漏洞

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An improper access control vulnerability exists in Huawei EMUI and HarmonyOS, which can be exploited by an attack...

org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK,...

SUSE-SU-2024:4053-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release bsc1233313 - CVE-2024-21853: Faulty finite state machines FSMs in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially...

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Sring developer feel right at home, and it has a ton of integrations with all manner of different vector...

CVE-2024-38819

A flaw was found in the Spring Framework. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. This flaw allows an attacker to craft malicious HTTP requests and obtain any file on the file system that is also...

The vulnerability of the functional web framework WebFlux.fn within the Spring Framework allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.fn in the Spring Framework is due to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.f of the Spring Framework allows a attacker to gain access to any file in the file system.

The vulnerability of the functional web frameworks WebMvc.fn and WebFlux.f of the Spring Framework is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to access any file in the file system...

Three Recommendations for Creating a Risk-Based Detection and Response Program

It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. "Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on jus...

Update 23.10 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 (Application Build 23.10.22604, Platform Build 23.0.22561)

Update 23.10 for Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Application Build 23.10.22604, Platform Build 23.0.22561 Overview This update replaces previously released updates. You should always install the latest update. This update also fixes a vulnerability. For more informatio...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / Open JDK Version 17, OpenJ9 used by DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

SUSE: Security Advisory (SUSE-SU-2024:3095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : mozilla firefox -- protocol information guessing (aa1c7af9-570e-11ef-a43e-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the aa1c7af9-570e-11ef-a43e-b42e991fc52e advisory. [email protected] reports: By monitoring the time certain operations take, an attacker could have...

CVE-2024-42035

Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality...

Android Security Bulletin—July 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Pixel Update Bulletin—May 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2024-05-05 or later address all issues in this bulletin and all issues in the May 2024 Android Security...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...

CVE-2024-36912 Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbusgpadl In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is share...