3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Security Vulnerabilities

wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.8 AI Score

2024-06-10 03:07 AM
165
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...

7.5 AI Score

2024-06-10 03:07 AM
144
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...

6.8 AI Score

2024-06-10 03:07 AM
47
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...

7.2 AI Score

2024-06-10 03:07 AM
3
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: sbom-scorecard, aws-flb-cloudwatch, slsa-verifier, gobuster, cilium-envoy, configmap-reload, go-licenses, grpcurl, render-template, smarter-device-manager, sops, docker-cli, local-path-provisioner, amass, kubernetes-dashboard-metrics-scraper, goreleaser, oras,...

7.5 CVSS

7.9 AI Score

2024-06-10 03:07 AM
54
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...

6.6 AI Score

2024-06-10 03:07 AM
26
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.8 AI Score

2024-06-10 03:07 AM
36
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.5 AI Score

2024-06-10 03:07 AM
25
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...

7.5 AI Score

2024-06-10 03:07 AM
18
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...

7.2 AI Score

2024-06-10 03:07 AM
3
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.5 AI Score

2024-06-10 03:07 AM
21
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.5 AI Score

2024-06-10 03:07 AM
19
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.5 AI Score

2024-06-10 03:07 AM
20
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: sbom-scorecard, aws-flb-cloudwatch, slsa-verifier, gobuster, cilium-envoy, configmap-reload, go-licenses, grpcurl, render-template, smarter-device-manager, sops, docker-cli, local-path-provisioner, amass, kubernetes-dashboard-metrics-scraper, goreleaser, oras,...

5.3 CVSS

7.2 AI Score

2024-06-10 03:07 AM
26
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...

2024-06-10 03:07 AM
1
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: sbom-scorecard, aws-flb-cloudwatch, slsa-verifier, gobuster, cilium-envoy, configmap-reload, go-licenses, grpcurl, render-template, smarter-device-manager, sops, docker-cli, local-path-provisioner, amass, kubernetes-dashboard-metrics-scraper, goreleaser, oras,...

7.5 AI Score

2024-06-10 03:07 AM
18
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: sbom-scorecard, aws-flb-cloudwatch, slsa-verifier, gobuster, cilium-envoy, configmap-reload, go-licenses, grpcurl, render-template, smarter-device-manager, sops, docker-cli, local-path-provisioner, amass, kubernetes-dashboard-metrics-scraper, goreleaser, oras,...

7.5 AI Score

2024-06-10 03:07 AM
18
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.8 AI Score

2024-06-10 03:07 AM
16
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.8 AI Score

2024-06-10 03:07 AM
16
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.5 AI Score

2024-06-10 03:07 AM
19
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...

2024-06-10 03:07 AM
1
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...

7.8 AI Score

2024-06-10 03:07 AM
17
nvd

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 01:15 PM
1
cve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 01:15 PM
6
debiancve

CVE-2024-36969

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 01:15 PM
cvelist

CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...

2024-06-08 12:53 PM
1
githubexploit

Exploit for CVE-2022-30203

dubious disk - the porygon-z that's super effective against...

2024-06-07 03:25 PM
52
ibm

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...

7.8 CVSS

9.5 AI Score

2024-06-07 11:06 AM
7
cve

CVE-2023-32475

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the...

7.6 CVSS

7.5 AI Score

2024-06-07 03:15 AM
12
nvd

CVE-2023-32475

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the...

7.6 CVSS

2024-06-07 03:15 AM
cvelist

CVE-2023-32475

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the...

7.6 CVSS

2024-06-07 02:13 AM
1
openvas

Fedora: Security Advisory for rust-sevctl (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

2024-06-07 12:00 AM
ubuntucve

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

2024-06-07 12:00 AM
openvas

Fedora: Security Advisory for rust-snphost (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

2024-06-07 12:00 AM
github

Jupyter server on Windows discloses Windows user password hash

Summary Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other...

7.5 CVSS

7.8 AI Score

2024-06-06 09:26 PM
3
osv

Jupyter server on Windows discloses Windows user password hash

Summary Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other...

7.5 CVSS

7.9 AI Score

2024-06-06 09:26 PM
osv

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

7.8 AI Score

2024-06-06 04:15 PM
1
nvd

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

2024-06-06 04:15 PM
debiancve

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

2024-06-06 04:15 PM
alpinelinux

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

7.8 AI Score

2024-06-06 04:15 PM
cve

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

7.7 AI Score

2024-06-06 04:15 PM
16
cvelist

CVE-2024-35178 Jupyter server on Windows discloses Windows user password hash

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5 CVSS

2024-06-06 03:37 PM
oraclelinux

kernel security and bug fix update

[5.14.0-427.20.1_4.OL9] Disable UKI signing [Orabug: 36571828] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey...

7.4 AI Score

2024-06-06 12:00 AM
1
nvidia

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

2024-06-06 12:00 AM
6
github

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5 AI Score

2024-06-05 05:30 PM
1
osv

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5 AI Score

2024-06-05 05:30 PM
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8 AI Score

2024-06-05 01:30 PM
1
rapid7blog

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4 AI Score

2024-06-05 01:00 PM
6
github

Unable to generate the correct character set

Reduced entropy due to inadequate character set usage Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the....

9.4 CVSS

6.5 AI Score

2024-06-04 06:40 PM
4
osv

Unable to generate the correct character set

Reduced entropy due to inadequate character set usage Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nano_id::base62 and nano_id::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the....

9.4 CVSS

6.5 AI Score

2024-06-04 06:40 PM
1
Total number of security vulnerabilities: 28050