Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand ...
Continue Reading
February 21, 2024
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authe ...
Continue Reading
February 21, 2024
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authe ...
Continue Reading
February 21, 2024
We have identified a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform ad ...
Continue Reading
February 21, 2024
MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mech ...
Continue Reading
February 20, 2024
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2460 advisory. Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 1 ...
Continue Reading
February 20, 2024
Issue Overview: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP ...
Continue Reading
February 19, 2024
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended ...
Continue Reading
February 18, 2024
Back to Main
