Advisories
-
lemonldap-ng-2.20.1-1.el9
FEDORA-EPEL-2024-18565c82f2. Packages in this update: lemonldap-ng-2.20.1-1.el9. Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights”; [Security] XSS in upgradeSession / forceUpgrade pages; downloadSamlMetadata missing from packages in 2.20.0; CDA request for id is not valid; “This application is not known” when trying to access a federation application with empty…
-
lemonldap-ng-2.20.1-1.el8
FEDORA-EPEL-2024-c35d90e5f2. Packages in this update: lemonldap-ng-2.20.1-1.el8. Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights”; [Security] XSS in upgradeSession / forceUpgrade pages; downloadSamlMetadata missing from packages in 2.20.0; CDA request for id is not valid; “This application is not known” when trying to access a federation application with empty…
-
lemonldap-ng-2.20.1-1.fc41
FEDORA-2024-7bc1df53fc. Packages in this update: lemonldap-ng-2.20.1-1.fc41. Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights”; [Security] XSS in upgradeSession / forceUpgrade pages; downloadSamlMetadata missing from packages in 2.20.0; CDA request for id is not valid; “This application is not known” when trying to access a federation application with empty…
-
lemonldap-ng-2.20.1-1.fc39
FEDORA-2024-d0a6c4ac13. Packages in this update: lemonldap-ng-2.20.1-1.fc39. Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights”; [Security] XSS in upgradeSession / forceUpgrade pages; downloadSamlMetadata missing from packages in 2.20.0; CDA request for id is not valid; “This application is not known” when trying to access a federation application with empty…
-
lemonldap-ng-2.20.1-1.fc40
FEDORA-2024-e457192aa2. Packages in this update: lemonldap-ng-2.20.1-1.fc40. Update description: Update to lemonldap-ng 2.20.1: [Security] Adaptative Authentication Rules triggered by “Refresh my rights”; [Security] XSS in upgradeSession / forceUpgrade pages; downloadSamlMetadata missing from packages in 2.20.0; CDA request for id is not valid; “This application is not known” when trying to access a federation application with empty…
-
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09. SEC Consult Vulnerability Lab Security Advisory < 20241107-0 >. title: Multiple Vulnerabilities; product: HASOMED Elefant and Elefant Software Updater; vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811; fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811; CVE number: CVE-2024-50588,…
-
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…
-
mingw-expat-2.6.4-1.fc40
FEDORA-2024-cdde5c873d Packages in this update: mingw-expat-2.6.4-1.fc40 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.
-
mingw-expat-2.6.4-1.fc41
FEDORA-2024-fa21fd6c77 Packages in this update: mingw-expat-2.6.4-1.fc41 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.
-
Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability? CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition, to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account…