
2265 matches found

Tenable Nessus
added 2023/02/09 12:0 a.m., 72 views

Fedora 37 : webkitgtk (2023-5210df1dd1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5210df1dd1 advisory. Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard ...

CVSS 8.8, AI score 7.9, EPSS 0.00311
Exploits 0, References 4
Prion
added 2023/02/07 1:15 a.m., 13 views

Design/Logic Flaw

PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28...

CVSS 4.3, AI score 4.8, EPSS 0.00444
Exploits 1, References 2, Affected Software 1
OSV
added 2023/02/07 12:2 a.m., 11 views

CVE-2023-24808 Denial Of Service when opening a corrupt PDF file in pdfio

PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28...

CVSS 5.3, AI score 5.7, EPSS 0.00444
Exploits 1, References 4
Kitploit
added 2023/01/31 11:30 a.m., 28 views

Sandfly-Entropyscan - Tool To Detect Packed Or Encrypted Binaries Related To Malware, Finds Malicious Files And Linux Processes And Gives Output With Cryptographic Hashes

What is sandfly-entropyscan? sandfly-entropyscan is a utility to quickly scan files or running processes and report on their entropy (measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed or encrypted and shows very high entropy. This tool can...

AI score 7.2
Exploits 0, References 1
Schneier on Security
added 2023/01/21 12:18 p.m., 13 views

Publisher’s Weekly Review of A Hacker’s Mind

Publishers Weekly reviewed A Hacker’s Mind--and it’s a starred review! "Hacking is something that the rich and powerful do, something that reinforces existing power structures," contends security technologist Schneier (Click Here to Kill Everybody) in this excellent survey of exploitation. Taking a...

AI score 1.4
Exploits 0
CNVD
added 2023/01/11 12:0 a.m., 26 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05238)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

CVSS 6.1, AI score 5.9, EPSS 0.00373
Exploits 0, References 1
CNVD
added 2023/01/09 12:0 a.m., 20 views

IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2023-05240)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator...

CVSS 9.8, AI score 9.6, EPSS 0.00482
Exploits 0, References 1
Ubuntu
added 2023/01/05 1:30 p.m., 67 views

USN-5782-2: Firefox regressions

USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...

AI score 8.3, EPSS 0.00902
Exploits 0, References 1
CNVD
added 2022/12/23 12:0 a.m., 21 views

IBM Security Verify Governance Identity Manager Information Disclosure Vulnerability

IBM Security Verify Governance Identity Manager is an IBM network appliance-based integration that focuses on business-centric rules, activities, and processes. IBM Security Verify Governance Identity Manager version 10.0.1 is vulnerable to An information disclosure vulnerability exists in IBM...

CVSS 5.3, AI score 3.2, EPSS 0.00044
Exploits 0, References 1
HackRead
added 2022/12/19 2:57 a.m., 9 views

How to Secure Business Processes: Tips & Tricks

By Owais Sultan Cybersecurity has become more significant than ever before. In this article, we will share simple yet vital tips… This is a post from HackRead.com Read the original post: How to Secure Business Processes: Tips & Tricks...

AI score 2.8
Exploits 0
RedHat Linux
added 2022/12/07 8:27 p.m., 25 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack 16.1.9 (openstack-tripleo-heat-templates) security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 4.3, AI score 5.8, EPSS 0.00167
Exploits 0, References 33
Fedora
added 2022/12/03 1:44 a.m., 27 views

[SECURITY] Fedora 36 Update: rr-5.6.0-2.fc36

rr is a lightweight tool for recording and replaying execution of applications (trees of processes and threads). For more information, please visit http://rr-project.org...

CVSS 5.4, AI score 0.2, EPSS 0.00206
Exploits 0
Positive Technologies
added 2022/11/26 12:0 a.m., 8 views

PT-2022-17038

Name of the Vulnerable Software and Affected Versions: qs versions prior to 6.10.3; Express versions prior to 4.17.3. Description: The issue allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated...

CVSS 9.8, AI score 7.1, EPSS 0.01543
Exploits 4, References 68
CNVD
added 2022/11/25 12:0 a.m., 18 views

Maarch RM Access Control Error Vulnerability

Maarch RM is an electronic filing system from Maarch. Streamline your certification processes, scientific and technical control in an efficient and optimized way. An Access Control Error vulnerability exists in Maarch RM 2.8.0 and later, versions prior to 2.8.6, which stems from an application...

CVSS 7.5, AI score 7.6, EPSS 0.00469
Exploits 1, References 1
Veracode
added 2022/11/24 9:7 a.m., 35 views

Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

CVSS 8.4, AI score 7.1, EPSS 0.00293
Exploits 1, References 7, Affected Software 1
CNVD
added 2022/11/24 12:0 a.m., 30 views

Schneider Electric Product Numerical Error Vulnerability

The Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, France. The Schneider Electric product suffers from a numeric error vulnerability that originates from a memory access conflict, which can be...

CVSS 7.5, AI score 7.4, EPSS 0.00536
Exploits 0, References 1
The Hacker News
added 2022/11/18 12:53 p.m., 21 views

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities,"...

AI score 0.6
Exploits 0
Github Security Blog
added 2022/11/16 12:0 p.m., 24 views

XXE vulnerability on agents in Jenkins SourceMonitor Plugin

SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files for the 'Publish SourceMonitor results' post-build step to have agent processes parse a crafted file that uses external entities...

CVSS 9.8, AI score 9.1, EPSS 0.03095
Exploits 0, References 4, Affected Software 1
OSV
added 2022/11/02 12:15 p.m., 5 views

CVE-2022-39949

An improper control of a resource through its lifetime vulnerability (CWE-664) in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection...

CVSS 5.5, AI score 5.6
Exploits 0, References 1
OSV
added 2022/10/28 7:19 p.m., 27 views

GHSA-HFF2-X2J9-GXGV Keylime: unhandled exceptions could lead to invalid attestation states

Impact: This vulnerability creates a false sense of security for keylime users -- i.e. a user could query keylime and conclude that a particular node/agent is correctly attested, while attestations are not in fact taking place. Short explanation: the keylime verifier creates periodic reports on th...

CVSS 8.2, AI score 4.9, EPSS 0.00117
Exploits 0, References 13