CVE-2024-21722 [20240201] - Core - Insufficient session expiration in MFA management views

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

CVE-2024-21722 [20240201] - Core - Insufficient session expiration in MFA management views

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...

SUSE-SU-2024:0543-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and '[email protected]' when configuring custom method list. bsc1218971, CVE-2023-48795 The strict-kex extension is announced in the list of available KEX methods. However, when the...

Raccoon Infostealer operator extradited to the United States

A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced. In March 2022, around the same ti...

Water Hydra Exploits CVE-2024-21412 to Target Financial Traders

Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...

The vulnerability in the `src/libgit2/revparse.c` component of the Git methods implemented in the C language, Libgit2, allows a hacker to cause a service failure.

The vulnerability in the src/libgit2/revparse.c component, which implements Git methods in the C language, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

[SECURITY] Fedora 38 Update: libgit2-1.6.5-1.fc38

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Type confusion

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

CVE-2023-6516 Specific recursive query patterns may lead to an out-of-memory condition

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVE-2024-23756

The CVE-2024-23756 issue affects Plone official Docker version 5.2.13 (5221) where HTTP PUT and DELETE methods are enabled, allowing unauthenticated attackers to upload or delete files on the server. Descriptions across multiple sources corroborate that the vulnerability enables dangerous actions...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

Spoofing

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management CSAM can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

How to comply with GDPR requirements

Understanding the Basics of GDPR Compliance Within the sphere of cybersecurity, significant strides were made as the European Union EU introduced an innovative legislative tool called the General Data Protection Regulation GDPR, unveiled on May 25, 2018. This regulation highlights the EU's unifie...

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...