FEDORA-2024-831b7c8340
Packages in this update:
mingw-python-idna-3.7-1.fc38
Update description:
Update to idna-3.7.
Posted by V3locidad on Apr 14
CVE ID: CVE-2024-31705
Title : RCE to “Shell Commands” Plugin / GLPI Shell Command Management Interface
Affected Product : GLPI – 10.X.X and last version
Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via
the insufficient validation of user-supplied input.
Affected Component : A remote code execution (RCE) vulnerability has been identified in the ‘Shell…
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14
SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: –
impact: medium
homepage: https://aws.amazon.com/glue/
found:…
chromium-123.0.6312.122-1.el8
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
chromium-123.0.6312.122-1.el9
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
chromium-123.0.6312.122-1.el7
update to 123.0.6312.122
High CVE-2024-3157: Out of bounds write in Compositing
High CVE-2024-3516: Heap buffer overflow in ANGLE
High CVE-2024-3515: Use after free in Dawn
Bartek Nowotarski discovered that Apache Traffic Server, a reverse and
forward proxy server, was susceptible to denial of service via HTTP2
continuation frames.
kernel-6.8.6-200.fc39
The 6.8.6 stable kernel update contains a number of important fixes across the tree.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
What is the vulnerability/attack?
A critical unauthenticated remote code injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. This vulnerability, tracked as CVE-2024-3400, has a CVSS rating of 10.0. The GlobalProtect Gateway provides a security solution for roaming users by extending the same next-generation firewall-based policies. According to the vendor advisory, active exploitation is ongoing.
What is the recommended Mitigation?
The vendor has released a threat prevention signature and is currently developing hotfix releases of PAN-OS.
What FortiGuard Coverage is available?
As the situation is still developing, the FortiGuard team will update the threat signal and provide more information on related protections as they are released. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.