Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Red Hat Security Advisory 2024-4028-03

Red Hat Security Advisory 2024-4028-03 - Red Hat OpenShift Serverless version 1.33.0 is now available.

Packet Storm
Open in Source
#vulnerability#red_hat#js
Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4018-03

Red Hat Security Advisory 2024-4018-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

GHSA-cchp-3rq6-69wj: events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users.

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2

Was T-Mobile compromised by a zero-day in Jira?

IntelBroker is offering source code from major companies for sale. Are they demonstrating the value of a zero-day they are also selling?

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

GHSA-9gxx-58q6-42p7: Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service

### Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. ### Patches The issue was patched in lnd [v0.17.0](https://github.com/lightningnetwork/lnd/releases/tag/v0.17.0-beta). Users should update to a version >= v0.17.0 to be protected. ### References Detailed blog post: https://morehouse.github.io/lightning/lnd-onion-bomb/ Developer discussion: https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).