AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” FP6 Security Vulnerabilities

Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

Ubuntu: Security Advisory (USN-6795-1)

The remote host is missing an update for...

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Intel Microcode vulnerabilities (USN-6797-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6797-1 advisory. It was discovered that some 3rd and 4th Generation Intel Xeon Processors did not properly...

Ubuntu: Security Advisory (USN-6793-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6790-1)

The remote host is missing an update for...

EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...

EulerOS Virtualization 2.11.0 : ncurses (EulerOS-SA-2024-1730)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function...

EulerOS Virtualization 2.11.0 : libuv (EulerOS-SA-2024-1728)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...

RHEL 9 : kernel-rt (RHSA-2024:3460)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3460 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

EulerOS Virtualization 2.11.1 : unbound (EulerOS-SA-2024-1721)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to...

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...

Firefox regressions

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a...

Flowmon Unauthenticated Command Injection

...

bind and dhcp security update

bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-50] - Rebuild...

EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2024-1723)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1801-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1801-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. This update fixes a...

EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2024-1729)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6795-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6795-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

EulerOS Virtualization 2.11.1 : ncurses (EulerOS-SA-2024-1719)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function...

EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2024-1718)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. (CVE-2024-32760) Note: This issue affects NGINX systems compiled with the.....

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...

CVE-2024-36016

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to...

K000139810: Oracle Java vulnerability CVE-2024-20919

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....

ROS-20240529-02

A vulnerability in the LibreOffice office suite is related to uncontrolled script execution in the graphics linking scripts by clicking on them. Exploitation of the vulnerability could allow an attacker to execute scripts embedded in...

python3 security update

[3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 [3.6.8-61] - Security fix for CVE-2023-6597 Resolves: RHEL-33671 [3.6.8-60] - Fix build with expat with fixed CVE-2023-52425 Related:...

RHEL 9 : kernel (RHSA-2024:3461)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3461 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1804-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:1804-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The update is fixing a regression with nfs that could lead.....

EulerOS Virtualization 2.11.1 : dnsmasq (EulerOS-SA-2024-1713)

According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a...

EulerOS Virtualization 2.11.0 : dnsmasq (EulerOS-SA-2024-1724)

According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a...

EulerOS Virtualization 2.11.0 : grub2 (EulerOS-SA-2024-1726)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...

EulerOS Virtualization 2.11.1 : grub2 (EulerOS-SA-2024-1715)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...

Security Bulletin: Triton Inference Server - May 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

Intel Microcode vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages intel-microcode - Processor microcode for Intel CPUs Details It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to...

pcp security update

[5.3.7-20.0.1] - pcp-zoneinfo fix to replay ol7 archives [Orabug: 35903733] - Backporting of python tool pcp-meminfo [Orabug: 35759707] - Backporting of python tool pcp-slabinfo [Orabug: 35560940] - Backporting of python tool pcp-buddyinfo [Orabug: 35660932] - Backporting of python tool...

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-3271)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3271 advisory. bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC...

git-lfs security update

[3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...

K000139611: NGINX HTTP/3 QUIC vulnerability CVE-2024-31079

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection...

FreeBSD : OpenSSL -- Use after free vulnerability (73a697d7-1d0f-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 73a697d7-1d0f-11ef-a490-84a93843eb75 advisory. The OpenSSL project reports: Use After Free with SSL_free_buffers (low). Calling the OpenSSL API...

Debian dla-3822 : python-pymysql - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3822 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3822-1 [email protected] ...

Ubuntu 20.04 LTS : Firefox regressions (USN-6779-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6779-2 advisory. USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: ...

idm:DL1 and idm:client security update

bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for...

Malicious code in controlbundler (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (db9a250abd3db6888ce6c77c0308a1e67927ee02b972e1516c7fdf295f33e522) The OpenSSF Package Analysis project identified 'controlbundler' @ 1.0.6 (npm) as malicious. It is considered malicious because: The package...

CVE-2024-36112

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/&lt;uuid&gt;/) and/or the members REST API view...

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/&lt;uuid&gt;/) and/or the members REST API view...

CVE-2024-23580 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs)

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted...