Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Red Hat Security Advisory 2024-8449-03

Red Hat Security Advisory 2024-8449-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Packet Storm
#vulnerability#mac#linux#red_hat#js#buffer_overflow#sap
Red Hat Security Advisory 2024-8447-03

Red Hat Security Advisory 2024-8447-03 - An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Security Advisory 2024-8446-03

Red Hat Security Advisory 2024-8446-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

FIPS 140-3 changes for PKCS #12

With the planned release of Red Hat Enterprise Linux (RHEL) 10 in 2025, the PKCS #12 (Public-Key Cryptography Standards #12) files created in FIPS mode now use Federal Information Processing Standard (FIPS) cryptography by default. In other words, PKCS #12 files allow for backup or easy transfer of keying material between RHEL systems using FIPS approved algorithms.What are PKCS #12 files?PKCS #12 is currently defined by RFC 7292 and is a format for storing and transferring private keys, certificates, and miscellaneous secrets. Typically, PKCS #12 is used for transferring private RSA, EdDSA, o

GHSA-3pg4-qwc8-426r: OpenRefine leaks Google API credentials in releases

### Impact OpenRefine releases contain Google API authentication keys ("client id" and "client secret") which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on linux. It contains the file `openrefine-3.8.2/webapp/extensions/gdata/module/MOD-INF/lib/openrefine-gdata.jar`, which can be extracted. This archive then contains the file `com/google/refine/extension/gdata/GoogleAPIExtension.java`, which contains the following lines: ```java // For a production release, the second parameter (default value) can be set // for the following three properties (client_id, client_secret, and API key) to // the production values from the Google API console private static final String CLIENT_ID = System.getProperty("ext.gdata.clientid", new String(Base64.getDecoder().decode("ODk1NTU1ODQzNjMwLWhkZWwyN3NxMDM5ZjFwMmZ0aGE2M2VvcWFpY2JwamZoLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t"))); private static final String CLIENT_SECRET = System.getPro...

Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game

North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Red Hat Security Advisory 2024-8374-03

Red Hat Security Advisory 2024-8374-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Security Advisory 2024-8365-03

Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

Codasip Donates Tools to Develop Memory-Safe Chips

The software development kit will simplify building and testing of CHERI-enabled RISC-V applications.