Security Headlines

Red Hat Security Advisory 2024-6720-03

Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Packet Storm

Red Hat Security Advisory 2024-6719-03

Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Apple Security Advisory 09-16-2024-6

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross-site scripting and spoofing vulnerabilities.

Ubuntu Security Notice USN-7013-1

Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.

GHSA-2xpq-xp6c-5mgj: Contao affected by insert tag injection via canonical URL

### Impact

It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered.

### Patches

Update to Contao 4.13.49, 5.3.15 or 5.4.3.

### Workarounds

Disable canonical tags in the settings of the website root page.

### References

https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-4p75-5p53-65m9: Contao affected by directory traversal in the file selector widget

### Impact

Back end users can list files outside their file mounts or the document root in the FileSelector widget.

### Patches

Update to Contao 4.13.49.

### Workarounds

None.

### References

https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

### Credits

Thanks to Jakob Steeg from usd AG for reporting this vulnerability.

GHSA-vm6r-j788-hjh5: Contao affected by remote command execution through file upload

### Impact

Back end users with access to the file manager can upload malicious files and execute them on the server.

### Patches

Update to Contao 4.13.49, 5.3.15 or 5.4.3.

### Workarounds

Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory.

### References

https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

### Credits

Thanks to Jakob Steeg from usd AG for reporting this vulnerability.

The Current Cybersecurity Landscape: New Threats, Same Security Mistakes

It is imperative to develop robust policies for new tech and future-proofing by favoring investments in security.

GHSA-f2jm-rw3h-6phg: LangChain pickle deserialization of untrusted data

A vulnerability in the `FAISS.deserialize_from_bytes` function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the `os.system` function. The issue affects versions prior to 0.2.10.

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The