#vulnerability

Red Hat Security Advisory 2024-3422-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-3421-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3418-03 - An update for rust is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-3417-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3414-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Prior to 5.2.1, the sendmail transport (`Swift_Transport_SendmailTransport`) was vulnerable to an arbitrary shell execution if the "From" header came from a non-trusted source and no "Return-Path" is configured. This has been fixed in 5.2.1. If you are using sendmail as a transport, you are encouraged to upgrade as soon as possible.

The vulnerability pertains to the usage of an insecure random number generator (RNG) in the "stormpath-sdk-php" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.

ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700 ### Affected versions All versions below 1.15.2 are affected. dev-master is fixed starting from https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700 ### Exploits Because of missing escaping of the URL param redirect a XSS attack is possible. For example: Setting the redirect param to `"><a%20href="http://github.com">GitHub.com</a><inpu%20type="hidden"%20"` would result in a link added to the login page. ### Resolution If you are using any version of ScnSocialAuth below 1.15.2 please upgrade immediately by running composer update.

By Cyber Newswire ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and… This is a post from HackRead.com Read the original post: ELLIO and ntop Partnership Enhances Real-Time Network Traffic Monitoring

By Cyber Newswire ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and… This is a post from HackRead.com Read the original post: ELLIO and ntop Partnership Enhances Real-Time Network Traffic Monitoring