Fedora: Security Advisory (FEDORA-2024-bd9e53683a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: ofono-2.5-1.fc40

oFono.org is a place to bring developers together around designing an infrastructure for building mobile telephony GSM/UMTS applications. oFono includes a high-level D-Bus API for use by telephony applications. oFono also includes a low-level plug-in API for integrating with telephony stacks,...

CVE-2024-22127

SAP NetWeaver Administrator AS Java Administrator Log Viewer plug-in - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on...

mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

[SECURITY] Fedora 38 Update: bind-dyndb-ldap-11.10-23.fc38

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

DEBIAN-CVE-2023-52563

In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on -hpdnotify callback The EDID returned by drmbridgegetedid needs to be freed...

How to Collect Logs for Veeam Plug-in for IBM Db2

Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for IBM Db2. Solution 1. Collect diagnostic information as documented in the five sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file to t...

The vulnerability of the VMware Enhanced Authentication Plug-in’s authentication module, related to deficiencies in the authentication process, allows attackers to escalate their privileges.

The vulnerability of the VMware Enhanced Authentication Plug-in EAP is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by intercepting Active Directory tickets...

CVE-2024-22250 Session Hijack Vulnerability in Deprecated EAP Browser Plugin

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

CVE-2024-22250

CVE-2024-22250 affects the VMware Enhanced Authentication Plug‑in (EAP). The connected sources describe two related issues: (1) CVE-2024-22250 enables a local attacker with unprivileged access to hijack a privileged EAP session during Windows logon, via the EAP flow used in vCenter web console; a...

mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...

PT-2024-2166 · Vmware +1 · Vmware Enhanced Authentication Plug-In +1

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in affected versions not specified Description: The issue is related to a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. This could allow a malicious actor with...

PT-2024-3532 · Oracle +5 · Mysql Server +4

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior Description: The issue is related to the Server: Audit Plug-in component of Oracle MySQL Server and is caused by inadequate access control. It allows a high-privileg...

The vulnerability of the UPnP SUBSCRIBE Message Handler component in the wireless access points from D-Link, such as the DAP-1650, allows a hacker to execute arbitrary commands.

The vulnerability of the UPnP SUBSCRIBE Message Handler component in the wireless access points from D-Link DAP-1650 is related to improper input validation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using specially crafted data...

Samly security breach

Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...

kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c

A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusbdecexitdvb function because of the lack of a dvbfrontenddetach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a...

JetBrains IntelliJ IDEA Security Vulnerability

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA prior to version 2023.3.3, which stems from the ability of a plug-in for JetBrains Space to send authenticatio...

The vulnerability of the Hitachi Storage Plug-in for VMware vCenter, related to the incorrect use of standard permissions, allows a malicious actor to read and update arbitrary data.

The vulnerability of the Hitachi Storage Plug-in for VMware vCenter is related to the incorrect use of standard permissions. Exploiting this vulnerability allows an attacker to read and update arbitrary data...

File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A File and Directory Permissions Vulnerability exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor...