StimulusReflex Security Vulnerability
StimulusReflex is a system that extends the functionality of Rails and Stimulus by intercepting user interactions and passing them to Rails via a live websocket. A security vulnerability exists in StimulusReflex 3.4.1 and earlier, 3.5.0.rc3 and earlier, which stems from a vulnerability that allow...
Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: R-rJava-1.0.6-9.fc40
Low-level interface to Java VM very much like .C/.Call and friends. Allows creation of objects, calling methods and accessing fields...
[SECURITY] Fedora 40 Update: maven-shared-utils-3.4.2-7.fc40
This project aims to be a functional replacement for plexus-utils in Maven. It is not a 100% API compatible replacement though but a replacement with improvements: lots of methods got cleaned up, generics got added and we dropped a lot of unused code...
[SECURITY] Fedora 40 Update: jsoup-1.17.2-2.fc40
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern...
[SECURITY] Fedora 40 Update: jakarta-interceptors-2.0.0-12.fc40
Jakarta Interceptors defines a means of interposing on business method invocations and specific events, such as lifecycle events and timeout events, that occur on instances of Jakarta EE components and other managed classes...
[SECURITY] Fedora 40 Update: fishbowl-1.4.1-9.fc40
Fishbowl provides helper methods for dealing with exceptions...
[SECURITY] Fedora 40 Update: apiguardian-1.1.2-12.fc40
API Guardian indicates the status of an API element and therefore its level of stability as well. It is used to annotate public types, methods, constructors, and fields within a framework or application in order to publish their API status and level of stability and to indicate how they are...
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
TA577 Targeting Windows NTLM Hashes in Global Campaigns
Summary: TA577, a significant cyber threat group, has shifted tactics to steal NTLM authentication data, utilizing thread hijacking and customized HTML attachments. Organizations should block outbound SMB to thwart exploitation and remain vigilant against evolving attack methods. Threat Level - R...
BIT-DISCOURSE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the SiteSetting class, notably clear_cache! and notify_changed!, which when done on a multisite instance, can affect the entire cluster resulting in a...
CVE-2024-24785
The CVE-2024-24785 issue affects Go’s html/template: if MarshalJSON methods return errors containing user-controlled data, the contextual auto-escaping can be bypassed, allowing injection into templates (impact described across multiple advisories). Affected entities center on golang/html/template...
PT-2024-6388 · Xiaomi +3
Name of the Vulnerable Software and Affected Versions: MediaTek Wi-Fi chipsets (affected versions not specified). Description: The issue is related to a buffer overflow caused by improper input validation in the wlan service, which could lead to remote code execution with no additional execution...
Integer overflow in chunking helper causes dispatching to miss elements or panic
Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable. The following API methods are affected: - CheckPermission -...
Integer overflow
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities
Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways: Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals...
CVE-2024-21722
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...
Information disclosure
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...