Category Archives: Advisories

lemonldap-ng-2.20.1-1.el9

FEDORA-EPEL-2024-18565c82f2

Packages in this update:

lemonldap-ng-2.20.1-1.el9

Update description:

Update to lemonldap-ng 2.20.1:

[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated

lemonldap-ng-2.20.1-1.fc39

FEDORA-2024-d0a6c4ac13

Packages in this update:

lemonldap-ng-2.20.1-1.fc39

Update description:

Update to lemonldap-ng 2.20.1:

[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated

lemonldap-ng-2.20.1-1.fc41

FEDORA-2024-7bc1df53fc

Packages in this update:

lemonldap-ng-2.20.1-1.fc41

Update description:

Update to lemonldap-ng 2.20.1:

[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated

lemonldap-ng-2.20.1-1.fc40

FEDORA-2024-e457192aa2

Packages in this update:

lemonldap-ng-2.20.1-1.fc40

Update description:

Update to lemonldap-ng 2.20.1:

[Security] Adaptative Authentication Rules triggered by “Refresh my rights”
[Security] XSS in upgradeSession / forceUpgrade pages
downloadSamlMetadata missing from packages in 2.20.0
CDA request for id is not valid
“This application is not known” when trying to access a federation application with empty RelayState
SAML regression in 2.20.0
Internal error when captcha rule isn’t validated

SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09

SEC Consult Vulnerability Lab Security Advisory < 20241107-0 >
=======================================================================
title: Multiple Vulnerabilities
product: HASOMED Elefant and Elefant Software Updater
vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811
fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811
CVE number: CVE-2024-50588,…

Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)

What is the Vulnerability?

CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition, to its Known Exploited Vulnerabilities (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account takeover. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

What is the recommended Mitigation?

Palo Alto Networks has released security updates to address the vulnerability. This issue is fixed in Expedition 1.2.92 and all later versions. https://security.paloaltonetworks.com/CVE-2024-5910

What is FortiGuard Coverage?

FortiGuard recommends that users apply the fix provided by the vendor and follow any mitigation steps provided. FortiGuard IPS protection is available, and Fortinet customers remain protected through it. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.