Category: Alert Feeds

Security issue in the TX Text Control .NET Server for ASP.NET

Posted by Filip Palian on Nov 12: Hej, Let's keep it short … ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are affected however,...

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 12. SEC Consult Vulnerability Lab Security Advisory < 20241112-0 >: title: Multiple vulnerabilities; product: Siemens Energy Omnivise T3000; vulnerable version: >=8.2 SP3; fixed version: see solution section; CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879; impact: High… (Full Disclosure)

Red Hat Security Advisory 2024-9114-03

Red Hat Security Advisory 2024-9114-03 – An update for gnome-shell and gnome-shell-extensions is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability. (Packet Storm)

Red Hat Security Advisory 2024-9317-03

Red Hat Security Advisory 2024-9317-03 – An update for NetworkManager is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability. (Packet Storm)

Debian Security Advisory 5809-1

Debian Linux Security Advisory 5809-1 – Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect. (Packet Storm)

Red Hat Security Advisory 2024-9331-03

Red Hat Security Advisory 2024-9331-03 – An update for krb5 is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability. (Packet Storm)

Debian Security Advisory 5811-1

Debian Linux Security Advisory 5811-1 – An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code. (Packet Storm)

Red Hat Security Advisory 2024-9333-03

Red Hat Security Advisory 2024-9333-03 – An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability. (Packet Storm)

Debian Security Advisory 5810-1

Debian Linux Security Advisory 5810-1 – Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. (Packet Storm)

Red Hat Security Advisory 2024-9439-03

Red Hat Security Advisory 2024-9439-03 – An update for fontforge is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability. (Packet Storm)

Ubuntu Security Notice USN-7102-1

Ubuntu Security Notice 7102-1 – Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...

Ubuntu Security Notice USN-7100-1

Ubuntu Security Notice 7100-1 – Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code....

Debian Security Advisory 5808-1

Debian Linux Security Advisory 5808-1 – Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. (Packet Storm)

Red Hat Security Advisory 2024-8692-03

Red Hat Security Advisory 2024-8692-03 – Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability. (Packet Storm)

Red Hat Security Advisory 2024-8697-03

Red Hat Security Advisory 2024-8697-03 – Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability. (Packet Storm)

Red Hat Security Advisory 2024-8974-03

Red Hat Security Advisory 2024-8974-03 – Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes. (Packet Storm)

Debian Security Advisory 5807-1

Debian Linux Security Advisory 5807-1 – Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code. (Packet Storm)

Ubuntu Security Notice USN-7094-1

Ubuntu Security Notice 7094-1 – It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If...

Ubuntu Security Notice USN-7096-1

Ubuntu Security Notice 7096-1 – Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly...

Ubuntu Security Notice USN-7097-1

Ubuntu Security Notice 7097-1 – Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 11 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly...

Ubuntu Security Notice USN-7098-1

Ubuntu Security Notice 7098-1 – Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly...

Ubuntu Security Notice USN-7099-1

Ubuntu Security Notice 7099-1 – Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly...

SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09. SEC Consult Vulnerability Lab Security Advisory < 20241107-0 >: title: Multiple Vulnerabilities; product: HASOMED Elefant and Elefant Software Updater; vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811; fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811; CVE number: CVE-2024-50588,… (Full Disclosure)

Red Hat Security Advisory 2024-8700-03

Red Hat Security Advisory 2024-8700-03 – Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities. (Packet Storm)

Debian Security Advisory 5805-1

Debian Linux Security Advisory 5805-1 – It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. (Packet Storm)

Debian Security Advisory 5806-1

Debian Linux Security Advisory 5806-1 – A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (Packet Storm)

Red Hat Security Advisory 2024-9015-03

Red Hat Security Advisory 2024-9015-03 – An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities...

Red Hat Security Advisory 2024-9016-03

Red Hat Security Advisory 2024-9016-03 – An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. (Packet Storm)

Red Hat Security Advisory 2024-9017-03

Red Hat Security Advisory 2024-9017-03 – An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities...

Red Hat Security Advisory 2024-9018-03

Red Hat Security Advisory 2024-9018-03 – An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. (Packet Storm)

Red Hat Security Advisory 2024-9019-03

Red Hat Security Advisory 2024-9019-03 – An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. (Packet Storm)

Ubuntu Security Notice USN-6882-2

Ubuntu Security Notice 6882-2 – USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

Debian Security Advisory 5804-1

Debian Linux Security Advisory 5804-1 – The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced. (Packet Storm)

Red Hat Security Advisory 2024-8694-03

Red Hat Security Advisory 2024-8694-03 – Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities. (Packet Storm)

Red Hat Security Advisory 2024-8977-03

Red Hat Security Advisory 2024-8977-03 – An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. (Packet Storm)

TestRail CLI FieldsParser eval Injection

While parsing test result XML files with the TestRail CLI, the presence of certain TestRail-specific fields can cause untrusted data to flow into an eval() statement, leading to arbitrary code execution. In order to exploit this, an attacker would need to be able to cause the TestRail CLI to parse a malicious XML file. Normally an attacker with this level...