Ubuntu: Security Advisory (USN-7166-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-5MPW-4546-2WCR vulnerabilities

Vulnerabilities for packages: elasticsearch-fips, ruby3.2-elasticsearch, elasticsearch, ruby3.3-elasticsearch...

BELL-CVE-2024-50172

Bulletin has no description...

GHSA-Q34M-JH98-GWM2 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, superset, mlflow, emissary, py3-werkzeug, kubeflow-volumes-web-app, airflow-core, kubeflow-pipelines-visualization-server...

BELL-CVE-2024-47675

Bulletin has no description...

RHSA-2016:2923 Red Hat Security Advisory: openstack-cinder and openstack-glance security update

Bulletin has no description...

RHSA-2013:1144 Red Hat Security Advisory: nss, nss-util, nss-softokn, and nspr security update

Bulletin has no description...

GHSA-WH78-7948-358J vulnerabilities

Vulnerabilities for packages: hubble-fips, hubble-ui, hubble-ui-backend-fips, cilium, hubble, cilium-fips...

CVE-2023-41826

A PendingIntent hijacking vulnerability in Motorola Device Help Genie application that could allow local attackers to access files or interact with non-exported software components without permission...

CVE-2023-41826

A PendingIntent hijacking vulnerability in Motorola Device Help Genie application that could allow local attackers to access files or interact with non-exported software components without permission...

CVE-2023-41826

CVE-2023-41826 — A PendingIntent hijacking vulnerability in the Motorola Device Help (Genie) app could allow a local attacker to access files or interact with non-exported components without permission. CVSSv3.1: Local attack, low complexity, no privileges required, no user interaction; confident...

Wiz extends vulnerability scanning support to MacOS instances

Wiz customers can now detect vulnerabilities in MacOS workloads and their software components with agentless scanning, and assess their secure configurations against built-in CIS Benchmarks for Apple MacOS...

CVE-2024-21726

Inadequate content filtering leads to XSS vulnerabilities in various components...

CVE-2024-21725

Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...

CVE-2024-20934

...

CVE-2024-20908

...

Design/Logic Flaw

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

BELL-CVE-2023-6111

Bulletin has no description...

Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...