Improper Authorization

next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or ...

Continue Reading
RHEL 8 : grafana (RHSA-2023:6972)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6972 advisory. Grafana is validating Azure AD accounts based on th ...

Continue Reading
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana

Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson M ...

Continue Reading
grafana security and enhancement update

[9.2.10-7] - bump release number for rebuild with fixed gating.yaml file [9.2.10-6] - resolve RHEL-12665 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing ...

Continue Reading
Non-Human Access is the Path of Least Resistance: A 2023 Recap

2023 has seen its fair share of cyber attacks, however there's one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ...

Continue Reading
Threat Roundup for November 3 to November 10

![Threat Roundup for November 3 to November 10](https://blog.talosintelligence.com/content/images/2023/11/threat-roundup-1.jpg) Today, Talos is publishing a glimpse into the most prevalent threats we' ...

Continue Reading
Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): grafana: account takeover possible when using Azure AD OAuth ( ...

Continue Reading
Description of the security update for Microsoft Exchange Server 2019 and 2016: November 14, 2023 (KB5032146)

None Notice For Microsoft Exchange Server 2016 installations, see also KB 5032147 for additional information about issues that are fixed in this security update. This security update rollup resolve ...

Continue Reading

Back to Main

Subscribe for the latest news: