New phishing kit Xiu Gou, featuring a unique “doggo” mascot, targets users in US, UK, Spain, Australia and Japan with 2000+ scam websites
Monthly Archives: October 2024
iaito-5.9.6-2.el8 radare2-5.9.6-2.el8
FEDORA-EPEL-2024-35583dfe8b
Packages in this update:
iaito-5.9.6-2.el8
radare2-5.9.6-2.el8
Update description:
fix CVE-2024-48241
iaito-5.9.6-1.fc40 radare2-5.9.6-1.fc40
FEDORA-2024-c52c5c8791
Packages in this update:
iaito-5.9.6-1.fc40
radare2-5.9.6-1.fc40
Update description:
fix CVE-2024-48241
iaito-5.9.6-1.fc41 radare2-5.9.6-1.fc41
FEDORA-2024-658aeaa7ea
Packages in this update:
iaito-5.9.6-1.fc41
radare2-5.9.6-1.fc41
Update description:
fix CVE-2024-48241
iaito-5.9.6-1.el9 radare2-5.9.6-1.el9
FEDORA-EPEL-2024-c5986b2cf1
Packages in this update:
iaito-5.9.6-1.el9
radare2-5.9.6-1.el9
Update description:
fix CVE-2024-48241
iaito-5.9.6-1.fc39 radare2-5.9.6-1.fc39
FEDORA-2024-e7c0a0d876
Packages in this update:
iaito-5.9.6-1.fc39
radare2-5.9.6-1.fc39
Update description:
fix CVE-2024-48241
xlibre Xnest security advisory & bugfix releases
Posted by Enrico Weigelt, metux IT consult on Oct 31
XLibre project security advisory
--------------------------------
As Xlibre Xnest is based on Xorg, it is affected by some security issues
which recently became known in Xorg:
CVE-2024-9632: can be triggered by providing a modified bitmap to the
X.Org server.
CVE-2024-9632: Heap-based buffer overflow privilege escalation in
_XkbSetCompatMap
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9632
Affected versions:
* 24.1.0…
APPLE-SA-10-29-2024-1 Safari 18.1
Posted by Apple Product Security via Fulldisclosure on Oct 31
APPLE-SA-10-29-2024-1 Safari 18.1
Safari 18.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121571.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Safari Downloads
Available for: macOS Ventura and macOS Sonoma
Impact: An attacker may be able to misuse a trust relationship to…
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 31
SEC Consult Vulnerability Lab Security Advisory < 20241030-0 >
=======================================================================
title: Query Filter Injection
product: Ping Identity PingIDM (formerly known as ForgeRock Identity
Management)
vulnerable version: v7.0.0 – v7.5.0 (and older unsupported versions)
fixed version: various patches; v8.0
CVE number:…
Misconfigured Git Configurations Targeted in Emeraldwhale Attack
Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials