Advisories

  • lemonldap-ng-2.20.1-1.el9

    FEDORA-EPEL-2024-18565c82f2 Packages in this update: lemonldap-ng-2.20.1-1.el9 Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights” [Security] XSS in upgradeSession / forceUpgrade pages downloadSamlMetadata missing from packages in 2.20.0 CDA request for id is not valid “This application is not known” when trying to access a federation application with empty…


  • lemonldap-ng-2.20.1-1.el8

    FEDORA-EPEL-2024-c35d90e5f2 Packages in this update: lemonldap-ng-2.20.1-1.el8 Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights” [Security] XSS in upgradeSession / forceUpgrade pages downloadSamlMetadata missing from packages in 2.20.0 CDA request for id is not valid “This application is not known” when trying to access a federation application with empty…


  • lemonldap-ng-2.20.1-1.fc41

    FEDORA-2024-7bc1df53fc Packages in this update: lemonldap-ng-2.20.1-1.fc41 Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights” [Security] XSS in upgradeSession / forceUpgrade pages downloadSamlMetadata missing from packages in 2.20.0 CDA request for id is not valid “This application is not known” when trying to access a federation application with empty…


  • lemonldap-ng-2.20.1-1.fc39

    FEDORA-2024-d0a6c4ac13 Packages in this update: lemonldap-ng-2.20.1-1.fc39 Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights” [Security] XSS in upgradeSession / forceUpgrade pages downloadSamlMetadata missing from packages in 2.20.0 CDA request for id is not valid “This application is not known” when trying to access a federation application with empty…


  • lemonldap-ng-2.20.1-1.fc40

    FEDORA-2024-e457192aa2 Packages in this update: lemonldap-ng-2.20.1-1.fc40 Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights” [Security] XSS in upgradeSession / forceUpgrade pages downloadSamlMetadata missing from packages in 2.20.0 CDA request for id is not valid “This application is not known” when trying to access a federation application with empty…


  • SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater

    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09 SEC Consult Vulnerability Lab Security Advisory < 20241107-0 > title: Multiple Vulnerabilities product: HASOMED Elefant and Elefant Software Updater vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811 fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811 CVE number: CVE-2024-50588,…

  • FBI: Spike in Hacked Police Emails, Fake Subpoenas

    The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…


  • mingw-expat-2.6.4-1.fc40

    FEDORA-2024-cdde5c873d Packages in this update: mingw-expat-2.6.4-1.fc40 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.

  • mingw-expat-2.6.4-1.fc41

    FEDORA-2024-fa21fd6c77 Packages in this update: mingw-expat-2.6.4-1.fc41 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.

  • Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)

    What is the Vulnerability? CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition, to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account…
