Okta has issued customers with new advice on how to block mounting credential stuffing attacks
Monthly Archives: April 2024
ZDI-24-416: Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-51633.
tpm2-tools-5.7-1.fc40 tpm2-tss-4.1.0-1.fc40
FEDORA-2024-0c9d3b51d4
Packages in this update:
tpm2-tools-5.7-1.fc40
tpm2-tss-4.1.0-1.fc40
Update description:
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
tpm2-tools-5.5.1-1.fc39 tpm2-tss-4.0.2-1.fc39
FEDORA-2024-4512dc54af
Packages in this update:
tpm2-tools-5.5.1-1.fc39
tpm2-tss-4.0.2-1.fc39
Update description:
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
tpm2-tools-5.5.1-1.fc38 tpm2-tss-4.0.2-1.fc38
FEDORA-2024-3265d70b61
Packages in this update:
tpm2-tools-5.5.1-1.fc38
tpm2-tss-4.0.2-1.fc38
Update description:
tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
webkit2gtk4.0-2.44.1-1.fc40
FEDORA-2024-a1246372a4
Packages in this update:
webkit2gtk4.0-2.44.1-1.fc40
Update description:
Update to 2.44.1
kernel-6.8.8-200.fc39
FEDORA-2024-bc0db39a14
Packages in this update:
kernel-6.8.8-200.fc39
Update description:
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.8-100.fc38
FEDORA-2024-f35f9525d6
Packages in this update:
kernel-6.8.8-100.fc38
Update description:
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.8-300.fc40
FEDORA-2024-010fe8772a
Packages in this update:
kernel-6.8.8-300.fc40
Update description:
The 6.8.8 stable kernel update contains a number of important fixes across the tree.
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server.What is the vendor Mitigation? According to the vendor advisory, CrushFTP versions prior to 10.7.1 and 11.1.0 are vulnerable to CVE-2024-4040 and being advised to immediately apply the patch. What FortiGuard Coverage is available? Endpoint vulnerability service is available to help detect vulnerable endpoints running the CrushFTP server application. FortiGuard Labs is further investigating for additional coverages.