Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Gentoo Linux Security Advisory 202406-04

Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.

Packet Storm
Open in Source
#vulnerability#web#mac#linux#ssl
Gentoo Linux Security Advisory 202406-03

Gentoo Linux Security Advisory 202406-3 - A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code. Versions greater than or equal to 6.6.3.1 are affected.

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

Carbon Forum version 5.9.0 suffers from access control, cross site request forgery, file upload, outdated library, and remote SQL injection vulnerabilities.

Gentoo Linux Security Advisory 202406-02

Gentoo Linux Security Advisory 202406-2 - A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape. Versions greater than or equal to 1.14.6 are affected.

Gentoo Linux Security Advisory 202406-01

Gentoo Linux Security Advisory 202406-1 - A vulnerability has been discovered in GLib, which can lead to privilege escalation. Versions greater than or equal to 2.78.6 are affected.

Customize your Red Hat OpenShift nodes and keep them updated

Today we're excited to announce a new mechanism for admins to safely and easily customize an operating system deployment with highly refined needs while taking full advantage of the automation and power provided by Red Hat OpenShift. This means you don't have to second guess the need for special device drivers for uncommon hardware, system agents, or organizational demands that require more control over your host operating system.Red Hat OpenShift is designed to run on a wide variety of hardware and operational contexts. OpenShift runs so well in a variety of environments that admins rarely ne

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," cybersecurity firm eSentire said in an analysis, adding it identified the activity earlier this month. "

Perplexity Plagiarized Our Story About How Perplexity Is a Bullshit Machine

Experts aren’t unanimous about whether the AI-powered search startup’s practices could expose it to legal claims ranging from infringement to defamation—but some say plaintiffs would have strong cases.

GHSA-c25h-c27q-5qpv: Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

### Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console/compromised a user with sufficient privileges can leak domain credentials and can now attack the domain. ### Acknowledgements Special thanks to Simon Wessling for reporting this issue and helping us improve our project