Category Archives: Advisories
GLSA 202405-07: HTMLDOC: Multiple Vulnerabilities
Live2D Cubism refusing to fix validation issue leading to heap corruption.
Posted by PT via Fulldisclosure on May 03
Live2D Cubism is the dominant “vtuber” software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and frameworks for integrating their libraries with your own program. You’re supposed to
use those to deserialize and render/animate the models created with their main software – often untrusted files from
random people on the internet.
While their main java-based…
kernel-6.8.9-200.fc39
FEDORA-2024-3697e3b459
Packages in this update:
kernel-6.8.9-200.fc39
Update description:
The 6.8.9 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.9-300.fc40
FEDORA-2024-c90afc5c01
Packages in this update:
kernel-6.8.9-300.fc40
Update description:
The 6.8.9 stable kernel update contains a number of important fixes across the tree.
kernel-6.8.9-100.fc38
FEDORA-2024-e513c6594d
Packages in this update:
kernel-6.8.9-100.fc38
Update description:
The 6.8.9 stable kernel update contains a number of important fixes across the tree.
DSA-5679-1 less – security update
Several vulnerabilities were discovered in less, a file pager, which may
result in the execution of arbitrary commands if a file with a specially
crafted file name is processed.
DSA-5678-1 glibc – security update
Several vulnerabilities were discovered in nscd, the Name Service Cache
Daemon in the GNU C library which may lead to denial of service or the
execution of arbitrary code.
DSA-5677-1 ruby3.1 – security update
Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may result in information disclosure, denial
of service or the execution of arbitrary code.
GitLab Password Reset Vulnerability (CVE-2023-7028)
What is the vulnerability?
A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. Successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on May 1st to its Known Exploited Vulnerabilities (KEV) Catalog.
What is the recommended mitigation?
GitLab users are advised to update their instances to a patched version and enable two-factor authentication (2FA), which will deny malicious actors access to compromised accounts.
What FortiGuard coverage is available?
FortiGuard Labs has an existing Web Application Security signature “GitLab.Password.Reset.Account.Takeover”, released on Jan 16, to detect and block any attack attempts targeting the authentication bypass vulnerability in GitLab (CVE-2023-7028), and has Endpoint Vulnerability signature ID “5551” to detect vulnerable versions of installed GitLab software.