Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Red Hat Security Advisory 2024-4776-03

Red Hat Security Advisory 2024-4776-03 - An update for cups is now available for Red Hat Enterprise Linux 9.

Packet Storm
#vulnerability#linux#red_hat#js
Red Hat Security Advisory 2024-4774-03

Red Hat Security Advisory 2024-4774-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4766-03

Red Hat Security Advisory 2024-4766-03 - An update for python3 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4762-03

Red Hat Security Advisory 2024-4762-03 - An update for runc is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-4761-03

Red Hat Security Advisory 2024-4761-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-4757-03

Red Hat Security Advisory 2024-4757-03 - An update for libvirt is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

A (somewhat) complete timeline of Talos’ history

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years.

GHSA-8gj9-r4hv-3jjw: Apache Pinot: Unauthorized endpoint exposed sensitive information

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details:  When using a request to path `/appconfigs` to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that `/appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role accordingly to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added.

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure