AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” FP6 Security Vulnerabilities

almalinux

Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

6.7 AI Score

0.003 EPSS

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36917

In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len =...

7.4 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36918

In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MAX_SIZE. This brings the bloom map in line with many other map types. The lack of this protection can....

7.1 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36937

In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the...

6.7 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ...

7 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1763)

The remote host is missing an update for the Huawei...

7 AI Score

0.008 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1748)

The remote host is missing an update for the Huawei...

7 AI Score

0.962 EPSS

2024-05-30 12:00 AM
wpvulndb

The Events Calendar Free & Pro <= 6.4.0 - Contributor+ Missing Authorization to Authenticated Arbitrary Events Access

Description Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to insufficient capability checks and restrictions on a function in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to access.....

6.9 AI Score

2024-05-30 12:00 AM
packetstorm

7.4 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1741)

The remote host is missing an update for the Huawei...

6.8 AI Score

0.003 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1781)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.266 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.001 EPSS

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-1758)

According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash...

8.2 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1764)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...

7.7 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1742)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

7.8 AI Score

2024-05-30 12:00 AM
nessus

Oracle Linux 8 : git-lfs (ELSA-2024-3346)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves:...

7 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1743)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.001 EPSS

2024-05-30 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2024:1834-1)

The remote host is missing an update for...

7.5 AI Score

2024-05-30 12:00 AM
openvas

Ubuntu: Security Advisory (USN-6797-1)

The remote host is missing an update for...

6.8 AI Score

0.001 EPSS

2024-05-30 12:00 AM
openvas

Ubuntu: Security Advisory (USN-6779-2)

The remote host is missing an update for...

6.8 AI Score

0.0004 EPSS

2024-05-30 12:00 AM
nessus

FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...

6.4 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1715)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.0005 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1719)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.0004 EPSS

2024-05-30 12:00 AM
cloudfoundry

USN-6768-1: GLib vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible...

6.9 AI Score

0.0004 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1759)

The remote host is missing an update for the Huawei...

6.9 AI Score

0.001 EPSS

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36891

In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will.....

7 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper...

7.2 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36927

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling...

6.8 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

6.8 AI Score

2024-05-30 12:00 AM
ubuntucve

CVE-2024-36926

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...

7 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

7.5 AI Score

2024-05-30 12:00 AM
nessus

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2024:1845-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1845-1 advisory. Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470): - CVE-2023-38264: Fixed Object Request Broker (ORB) denial of...

8 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1763)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

7.7 AI Score

2024-05-30 12:00 AM
nessus

Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)

The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with...

7 AI Score

2024-05-30 12:00 AM
nessus

SUSE SLES15 / openSUSE 15 Security Update : warewulf4 (SUSE-SU-2024:1838-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1838-1 advisory. - fixed wwctl configure --all doesn't configure ssh (bsc#1225402) - update to 4.5.2 with following changes: * Reorder dnsmasq config to...

6.5 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

7.8 AI Score

2024-05-30 12:00 AM
nessus

RHEL 8 : gdisk (RHSA-2024:3486)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...

7.2 AI Score

2024-05-30 12:00 AM
nessus

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1836-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1836-1 advisory. - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream,...

6.9 AI Score

2024-05-30 12:00 AM
nessus

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1741)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...

7.7 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1724)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.037 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.037 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1713)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.037 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)

The remote host is missing an update for the Huawei...

6.7 AI Score

0.001 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1723)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.037 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1721)

The remote host is missing an update for the Huawei...

7.1 AI Score

0.037 EPSS

2024-05-30 12:00 AM
spring

A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more

Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think,...

7.1 AI Score

2024-05-30 12:00 AM
jvn

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78). ## Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the...

7.8 AI Score

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei...

7 AI Score

0.962 EPSS

2024-05-30 12:00 AM
openvas

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)

The remote host is missing an update for the Huawei...

7 AI Score

0.962 EPSS

2024-05-30 12:00 AM
Total number of security vulnerabilities: 686970