#vulnerability

Red Hat Security Advisory 2024-9956-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2024-9946-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2024-9945-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Security Advisory 2024-9943-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-9942-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Only 1.11% of UAE's 37,926 .ae domains have implemented DMARC, leaving most vulnerable to phishing and and spoofing attacks.

Hacktivists have breached Andrew Tate's learning platform The Real World and obtained 794,000 usernames for current and former members, as well as 324,382 email addresses of former clients.

By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox escape: TALOS-2024-1964 (CVE-2024-38184) TALOS-2024-1965 (CVE-2024-38185)

We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize. For instance, telecom networks being breached isn’t just about stolen data—it’s about power. Hackers are

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. ## Original Description A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers.