Tag
#auth
The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well as within, agencies.
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.
German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This…
The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.
### Impact

_What kind of vulnerability is it? Who is impacted?_

Potential XSS from the API calls below:

- GET <app>/v1/credentials
- GET <app>/v1/credentials/<id>
- GET <app>/v1/archive/credentials/<id>
- GET <app>/v1/archive/credentials
- POST <app>/v1/credentials
- PUT <app>/v1/credentials/<id>
- PUT <app>/v1/credentials/<id>/<to_revision>
- GET <app>/v1/services
- GET <app>/v1/services/<id>
- GET <app>/v1/archive/services/<id>
- GET <app>/v1/archive/services
- PUT <app>/v1/services/<id>
- PUT <app>/v1/services/<id>/<to_revision>

Stored XSS that can only be used as a stored HTML injection. The attacker needs to be authenticated and have privileges to create new credentials, but could use this to display information and run scripts in the browsers of other users of the same Confidant instance.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

yes, version 6.6.2

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

NO

### References

_Are there any l...
BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.
Red Hat Security Advisory 2024-6890-03 - New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2024-6889-03 - New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.