Complaint alleges company overstated security posture and understated risks
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken because the token is checked with a string comparison that stops at the first differing character. An attacker can guess the token one character at a time by observing how long each comparison takes. This drastically reduces the search space: instead of an exponential number of guesses, only a linear number is needed, roughly the token length times the number of possible characters.
rubygem-rmagick-5.2.0-2.fc37
FEDORA-2023-8dd1a1a2e6
Packages in this update:
rubygem-rmagick-5.2.0-2.fc37
Update description:
A security flaw was found in rubygem-rmagick: Magick::Draw causes a memory leak. This issue is assigned CVE-2023-5349. This new rpm fixes this issue.
DSA-5543-1 open-vm-tools – security update
Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.
DSA-5544-1 zookeeper – security update
Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in some configurations.