4139 matches found
PT-2024-2647 · Apple · iOS +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.4; iPadOS versions prior to 17.4. Description: A logic issue was addressed with improved state management. The issue allows a user's locked tabs to be briefly visible while switching tab groups when Locked Private...
Mattermost leaks details of AD/LDAP groups of a teams
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
CVE-2024-23493
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
Code injection
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
CVE-2024-23493 Team associated AD/LDAP Groups Leaked due to missing authorization
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
CVE-2023-50437
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2...
PT-2024-2072 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9. Description: The issue is related to a lack of proper authorization in requests fetching team-associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team they are not a member of...
Fedora 38 : moodle (2024-d2f180202f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d2f180202f advisory. Fix for multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
ALPHV is singling out healthcare sector, say FBI and CISA
In an updated StopRansomware security advisory, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have warned the healthcare industry about the danger of the ALPHV ransomware group, also known as...
CVE-2024-26542
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
Cross site scripting
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...
Bonitasoft Cross-Site Scripting Vulnerability
Bonitasoft is an open source BPM software from Bonitasoft. A cross-site scripting vulnerability exists in Bonitasoft version v.7.14, which originates from a vulnerability that allows an attacker to execute arbitrary scripts via the Groups Display name field using a crafted payload...
PT-2024-21418 · Bonitasoft · Bonitasoft
Name of the Vulnerable Software and Affected Versions: Bonitasoft, S.A versions prior to 7.14.8; Bonitasoft, S.A versions prior to 7.15.7; Bonitasoft, S.A versions prior to 8.0.3; Bonitasoft, S.A versions prior to 9.0.2. Description: The issue allows attackers to execute arbitrary code via a crafted...
CVE-2024-26586
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption. When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...
UBUNTU-CVE-2024-26586
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption. When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...
CVE-2024-26586 mlxsw: spectrum_acl_tcam: Fix stack corruption
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption. When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed...