There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment.
Still, nice piece of security analysis.
ruby-3.3.5-14.fc41
Upgrade to Ruby 3.3.5.
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
openjpeg-2.5.2-4.fc41
Backport fix for CVE-2023-39327.
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
clamav-1.0.7-1.el8
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-030
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure: 2024-09-04…
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-029
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Dependency on Vulnerable Third-Party
Component (CWE-1395)
Use of Unmaintained Third Party Components
(CWE-1104)
Risk Level: High
Solution Status: Fixed…
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-028
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: Cleartext Storage of Sensitive Information
(CWE-312)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public…
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-027
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure:…
