practical-patient-care.com Cross Site Scripting vulnerability OBB-3943256

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Managing Cyber Risk for Under-Pressure CISOs

Overworked CISOs are struggling to deliver the cybersecurity results their organizations expect. Fortunately, there are concrete and practical ways they can make their lives easier—while managing cyber risk effectively...

[SECURITY] Fedora 39 Update: freeglut-3.4.0-7.fc39

freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. GLUT was originally written by Mark Kilgard to support the sample programs in the second edition OpenGL 'RedBook'. Since then, GLUT has been used in a wide varie...

A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics...

practical-shooter.com Improper Access Control vulnerability OBB-3807310

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...

Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive

We’ve told you about ransomware-as-a-service RaaS gangs; we’ve told you about living off the Land LOTL attacks. What do you get when you bring the two together? Bad news. Our recent report, Threat Brief: Ransomware Gangs & Living Off the Land Attacks, takes a deep dive into why the intersection o...

Transform Your Data Security Posture – Learn from SoFi's DSPM Success

As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM Data Security Posture Management emerges as a comprehensive...

Discover 2023's Cloud Security Strategies in Our Upcoming Webinar - Secure Your Spot

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar:...

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

CVE-2023-41259

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...

CVE-2023-41259

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...

Information disclosure

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call...

CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

CVE-2023-45024

Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...

CVE-2023-45024

CVE-2023-45024 affects Best Practical Request Tracker (RT) 5.x, with information disclosure via a transaction search in the transaction query builder. The vulnerability is associated with RT versions before 5.0.5, as cited in multiple sources (NVD entry for CVE-2023-45024 and related advisories)....

CVE-2023-41260

CVE-2023-41260 affects Best Practical Request Tracker (RT) prior to 4.4.7 and RT 5.x prior to 5.0.5, enabling information exposure in responses to mail-gateway REST API calls. Public references indicate fixes in RT 4.4.7 and RT 5.0.5, with Debian LTS patching RT 4.4.3-2+deb10u3. No exploitation d...