Tag
#auth
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
There is a whole ecosystem behind the sales and distribution of counterfeit goods. Best to tay away from them.
Affected by CVE-2021-3538
The ABB BMS/BAS controller is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
### Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03. ### Patches The REXML gem 3.3.9 or later include the patch to fix the vulnerability. ### Workarounds Use Ruby 3.2 or later instead of Ruby 3.1. ### References * https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated building/project name exposure vulnerability.
Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.
Relying on EOL software leaves critical systems exposed — making it a problem no business can afford to ignore.
The building management system suffers from an unauthenticated building/project name exposure.
A report distributed by the US Department of Homeland Security warned that financially motivated cybercriminals are more likely to attack US election infrastructure than state-backed hackers.