Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions
Monthly Archives: February 2024
USN-6305-2: PHP vulnerabilities
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
Business Logic Abuse Dominates as API Attacks Surge
Imperva finds attacks targeting API business logic increased to 27% in 2023
cpp-jwt-1.4-7.el8
FEDORA-EPEL-2024-16cf23e0e6
Packages in this update:
cpp-jwt-1.4-7.el8
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.fc38
FEDORA-2024-d76e37ba62
Packages in this update:
cpp-jwt-1.4-7.fc38
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.el9
FEDORA-EPEL-2024-1cefeeb8f5
Packages in this update:
cpp-jwt-1.4-7.el9
Update description:
Fix side channel vulnerability
cpp-jwt-1.4-7.fc39
FEDORA-2024-56fbd2cbfa
Packages in this update:
cpp-jwt-1.4-7.fc39
Update description:
Fix side channel vulnerability
USN-6660-1: OpenJDK 11 vulnerabilities
Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 11 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 11 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
Valentin Eudeline discovered that OpenJDK 11 incorrectly handled certain
options in the Nashorn JavaScript subcomponent. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2024-20926)
It was discovered that OpenJDK 11 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 11 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
USN-6662-1: OpenJDK 21 vulnerabilities
Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly
handled array accesses in the C1 compiler. An attacker could possibly
use this issue to cause a denial of service, execute arbitrary code or
bypass Java sandbox restrictions. (CVE-2024-20918)
It was discovered that the Hotspot component of OpenJDK 21 did not
properly verify bytecode in certain situations. An attacker could
possibly use this issue to bypass Java sandbox restrictions.
(CVE-2024-20919)
It was discovered that the Hotspot component of OpenJDK 21 had an
optimization flaw when generating range check loop predicates. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)
It was discovered that OpenJDK 21 could produce debug logs that contained
private keys used for digital signatures. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2024-20945)
Hubert Kario discovered that the TLS implementation in OpenJDK 21 had a
timing side-channel and incorrectly handled RSA padding. A remote attacker
could possibly use this issue to recover sensitive information.
(CVE-2024-20952)
nginx-mainline-3820240218193500.f38
FEDORA-MODULAR-2024-deafa21e1d
Packages in this update:
nginx-mainline-3820240218193500.f38
Update description:
Contains fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990).