Read Time:9 Second
FEDORA-2024-926631fe97
Packages in this update:
mingw-python3-3.11.9-1.fc40
Update description:
Update to python-3.11.9. Backport fix for CVE-2024-6923.
Monthly Archives: August 2024
mingw-python3-3.11.9-1.fc39
Read Time:9 Second
FEDORA-2024-f3851065c0
Packages in this update:
mingw-python3-3.11.9-1.fc39
Update description:
Update to python-3.11.9. Backport fix for CVE-2024-6923.
Chinese Velvet Ant Uses Cisco Zero-Day to Deploy Custom Malware
Read Time:5 Second
The Chinese cyber espionage group was observed jailbreaking a Cisco switch appliance using a zero-day exploit
DSA-5758-1 trafficserver – security update
Read Time:10 Second
Several vulnerabilities were discovered in Apache Traffic Server,
a reverse and forward proxy server, which could result in denial
of service or request smuggling.
calibre-7.17.0-3.fc40
Read Time:10 Second
FEDORA-2024-a455bea9ca
Packages in this update:
calibre-7.17.0-3.fc40
Update description:
Fix fonts for < f41 releases.
Upgrade to latest upstream release to fix 4 CVE’s and enable new hardware
Re: [SYSS-2024-038] DiCal-RED – Use of Password Hash Instead of Password for Authentication
Read Time:11 Second
Posted by Jeffrey Walton on Aug 24
There’s no difference between sending the password or Hash(password)
at the client. It is similar to (but weaker than) HTTP digest
authentication.
There’s nothing to see here.
Jeff
SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Read Time:22 Second
Posted by David Brown via Fulldisclosure on Aug 24
Title
=====
SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP
Status
======
PUBLISHED
Version
=======
1.0
CVE reference
=============
CVE-2024-42040
Link
====
https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-004/
Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
Affected products/vendor
========================
Das U-Boot, https://docs.u-boot.org
Summary
=======
Das U-Boot (U-Boot) is a…
calibre-7.17.0-2.fc40
Read Time:9 Second
FEDORA-2024-6f1ed8b501
Packages in this update:
calibre-7.17.0-2.fc40
Update description:
Upgrade to latest upstream release to fix 4 CVE’s and enable new hardware
Multiple Vulnerabilities in SolarWinds Web Help Desk Could Allow for Remote Code Execution
Read Time:22 Second
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk (WHD), the most severe of which could allow for remote code execution. Web Help Desk (WHD) is a SolarWinds IT help desk solution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.