Category Archives: Advisories

SEC Consult SA-20240522-0 :: Broken access control & API Information Exposure in 4BRO App

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 23

SEC Consult Vulnerability Lab Security Advisory < 20240522-0 >
=======================================================================
title: Broken access control & API Information Exposure
product: 4BRO App
vulnerable version: before 2024-04-17
fixed version: 2024-04-17
CVE number: –
impact: Critical
homepage: https://www.4bro.de
found: 2023-05-07…

Read More

[CFP] Security BSides Ljubljana 0x7E8 | September 27, 2024

Read Time:14 Second

Posted by Andraz Sraka on May 23

MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMN..-..–+MMNy:…-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MM:..—.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
Mm../dds.-oy.-.dMh–mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM
MMMs//yMNo+hMh—m:-:hy+sMN..+Mo..os+.-:Ny–ossssdN-.:yyo+mM…

Read More

A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass

Read Time:25 Second

A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can build and store software applications using Git version control and automate deployment pipelines. Successful exploitation of this vulnerability could allow for an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. An attacker could then view, change, or delete data; or create new accounts with full user rights.

Read More

USN-6784-1: cJSON vulnerabilities

Read Time:23 Second

It was discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)

Luo Jin discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. (CVE-2024-31755)

Read More

chromium-125.0.6422.76-1.el7

Read Time:30 Second

FEDORA-EPEL-2024-46d6266ef3

Packages in this update:

chromium-125.0.6422.76-1.el7

Update description:

update to 125.0.6422.76

High CVE-2024-5157: Use after free in Scheduling
High CVE-2024-5158: Type Confusion in V8
High CVE-2024-5159: Heap buffer overflow in ANGLE
High CVE-2024-5160: Heap buffer overflow in Dawn

update to 125.0.6422.60

High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads

Read More