org.apache.camel.springboot:camel-itest-spring-boot (>=4.0.0-RC1 <=4.0.6), org.springframework.boot:spring-boot-jarmode-layertools (>=3.1.0 <=3.1.12) potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.1.0 <=3.1.12)

org.springframework.boot:spring-boot-loader MAVEN version =3.1.0, =4.0.0-RC1, =3.1.0, =3.1.12 Source cves: CVE-2024-38807 Source advisory: OSV:GHSA-7CJ3-X93G-GJ76...

io.americanexpress.synapse:sample-function-greeter-gcp (>=0.4.15 <=0.4.16), io.zipkin:zipkin-server (>=3.3.1 <=3.4.1) +3 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader-classic (>=3.3.0 <=3.3.2)

org.springframework.boot:spring-boot-loader-classic MAVEN version =3.3.0, =0.4.15, =3.3.1, =3.3.0, =3.3.13 - org.springframework.cloud:spring-cloud-function-adapter-gcp =4.1.6 - org.springframework.cloud:spring-cloud-function-deployer =4.1.6 Source cves: CVE-2024-38807 Source advisory:...

Signature forgery in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

GHSA-7CJ3-X93G-GJ76 Signature forgery in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

DEBIAN-CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

UBUNTU-CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

CVE-2024-38807 describes a signature forgery vulnerability in VMware Spring Boot/loader components where signature verification of nested JARs can be bypassed, enabling content signed by one signer to appear signed by another. The NVD summary matches this description. Connected advisories identif...

CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

PT-2024-28229

Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.7.0 through 2.7.21 Spring Boot versions 3.0.0 through 3.0.16 Spring Boot versions 3.1.0 through 3.1.12 Spring Boot versions 3.2.0 through 3.2.8 Spring Boot versions 3.3.0 through 3.3.2 Description Applications that use...

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions,...

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...

@superdesk/build-tools (>=1.0.0 <=2.0.1), @ucp-npm/components (>=0.0.4-beta <=0.0.19-beta) +5 more potentially affected by CVE-2024-43370 via gettext.js (>=0.5.5 <=1.2.0)

gettext.js NPM version =0.5.5, =1.0.0, =0.0.4-beta, =1.0.0, =1.0.1, =1.0.0, =0.0.6, =0.0.12 - gettext.js-po-loader =0.0.2 Source cves: CVE-2024-43370 Source advisory: OSV:GHSA-VWHG-JWR4-VXGG...

jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

PT-2024-11054 · Amd · Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics +22

Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific software and versions affected. Description: The issue is related to insufficient input validation in the ABL, which may allow a privileged attacker with access to the BIOS menu o...

SUSE CVE-2024-6989

Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...