
3384 matches found

Fedora
added 2024/03/07 10:33 p.m. · 17 views

[SECURITY] Fedora 40 Update: fishbowl-1.4.1-9.fc40

Fishbowl provides helper methods for dealing with exceptions...

CVSS 8.8 · AI score 6.9 · EPSS 0.02557 · Exploits 3

Fedora
added 2024/03/07 10:32 p.m. · 19 views

[SECURITY] Fedora 40 Update: apiguardian-1.1.2-12.fc40

API Guardian indicates the status of an API element and therefore its level of stability as well. It is used to annotate public types, methods, constructors, and fields within a framework or application in order to publish their API status and level of stability and to indicate how they are...

CVSS 8.8 · AI score 6.7 · EPSS 0.02557 · Exploits 3

Fedora
added 2024/03/07 10:32 p.m. · 37 views

[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40

The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...

CVSS 8.8 · AI score 6.8 · EPSS 0.02557 · Exploits 3

hivepro
added 2024/03/06 5:45 p.m. · 15 views

TA577 Targeting Windows NTLM Hashes in Global Campaigns

Summary: TA577, a significant cyber threat group, has shifted tactics to steal NTLM authentication data, utilizing thread hijacking and customized HTML attachments. Organizations should block outbound SMB to thwart exploitation and remain vigilant against evolving attack methods. Threat Level - R...

AI score 7.2 · Exploits 0

OSV
added 2024/03/06 10:57 a.m. · 14 views

BIT-DISCOURSE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

CVSS 4.9 · AI score 4.9 · EPSS 0.00388 · Exploits 0 · References 2

CVE
added 2024/03/05 10:22 p.m. · 382 views

CVE-2024-24785

The CVE-2024-24785 issue affects Go’s html/template: if MarshalJSON methods return errors containing user-controlled data, the contextual auto-escaping can be bypassed, allowing injection into templates (impact described across multiple advisories). Affected entities center on golang/html/template...

CVSS 5.4 · AI score 6.1 · EPSS 0.00795 · Exploits 0 · References 6

Positive Technologies
added 2024/03/03 12:0 a.m. · 7 views

PT-2024-6388 · Xiaomi +3 · Xiaomi +3

Name of the Vulnerable Software and Affected Versions: MediaTek Wi-Fi chipsets (affected versions not specified). Description: The issue is related to a buffer overflow caused by improper input validation in the wlan service, which could lead to remote code execution with no additional execution...

CVSS 10 · AI score 7.7 · EPSS 0.46331 · Exploits 4 · References 104

Github Security Blog
added 2024/03/01 11:32 p.m. · 27 views

Integer overflow in chunking helper causes dispatching to miss elements or panic

Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable. The following API methods are affected: - CheckPermission -...

CVSS 9.1 · AI score 7 · EPSS 0.00456 · Exploits 0 · References 4 · Affected Software 1

Prion
added 2024/03/01 9:15 p.m. · 26 views

Integer overflow

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVSS 3.2 · AI score 7.5 · EPSS 0.00456 · Exploits 0 · References 2

OSV
added 2024/03/01 9:1 p.m. · 30 views

CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

CVSS 7.3 · AI score 7.3 · EPSS 0.00456 · Exploits 0 · References 4

CISA
added 2024/02/29 12:0 p.m. · 25 views

CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities

Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways: Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals...

CVSS 9.1 · AI score 9.7 · EPSS 0.99999 · In wild · Exploits 19 · References 23

NVD
added 2024/02/29 1:44 a.m. · 12 views

CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

CVSS 6.3 · AI score 6.5 · EPSS 0.00512 · Exploits 0 · References 1

OSV
added 2024/02/29 1:44 a.m. · 7 views

CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

CVSS 6.3 · AI score 7.2 · Exploits 0 · References 1

Prion
added 2024/02/29 1:44 a.m. · 26 views

Information disclosure

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

AI score 7.3 · EPSS 0.00512 · Exploits 0 · References 1

Positive Technologies
added 2024/02/28 12:0 a.m. · 5 views

PT-2024-40642 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.github.javaparser.GeneratedJavaParser.Expression class and methods within...

AI score 7.1 · Exploits 0 · References 2

Trend Micro Simply Security
added 2024/02/28 12:0 a.m. · 11 views

Managing Cyber Risk for Under-Pressure CISOs

Overworked CISOs are struggling to deliver the cybersecurity results their organizations expect. Fortunately, there are concrete and practical ways they can make their lives easier—while managing cyber risk effectively...

AI score 7.3 · Exploits 0

Atlassian
added 2024/02/27 1:0 p.m. · 39 views

Login form doesn't get disabled when option is disabled from authentication methods

Issue Summary: When we remove the option to authenticate with username and password from the login form we could still use basic authentication to login. This is reproducible on Data Center: Yes. Steps to Reproduce: Step-1. Remove the option to authenticate with username and password from th...

AI score 7.5 · Exploits 0

Krebs on Security
added 2024/02/22 1:27 p.m. · 23 views

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

AI score 7.1 · Exploits 0

OpenVAS
added 2024/02/21 12:0 a.m. · 32 views

SUSE: Security Advisory (SUSE-SU-2024:0558-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 8.5 · EPSS 0.93305 · Exploits 4 · References 4

OSV
added 2024/02/20 4:34 p.m. · 8 views

SUSE-SU-2024:0558-1 Security update for libssh2_org

This update for libssh2_org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and '[email protected]' when configuring custom method list (bsc1218971, CVE-2023-48795). The strict-kex extension is announced in the list of available KEX methods. However, when the...

CVSS 5.9 · AI score 6.7 · EPSS 0.93305 · Exploits 4 · References 3