JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.

Read More

FEDORA-2023-8dd1a1a2e6

Packages in this update:

rubygem-rmagick-5.2.0-2.fc37

Update description:

A security flaw was found on rubygem-rmagick that Magick::Draw causes memleak. This issue is assigned as CVE-2023-5349. This new rpm fixes this issue.

Read More

Two security issues have been discovered in the Open VMware Tools, which
could result in privilege escalation.

https://security-tracker.debian.org/tracker/DSA-5543-1

Read More

Damien Diederen discovered that SASL quorum peer authentication within
Zookeeper, a service for maintaining configuration information, was
insufficiently enforced in some configurations.

https://security-tracker.debian.org/tracker/DSA-5544-1

Read More

Two security issues have been discovered in the Open VMware Tools, which
could result in privilege escalation.

Read More

Damien Diederen discovered that SASL quorum peer authentication within
Zookeeper, a service for maintaining configuration information, was
insufficiently enforced in some configurations.

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More