AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Security Vulnerabilities

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi...

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version...

CVE-2024-29206

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version...

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi...

CVE-2024-29206

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier)...

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

APT42’s Operations Employ “Nicecurl” and “Tamecat” Malwares

...

Attacks, Vulnerabilities and Actors 29 April to 5 May 2024

...

CISA Known Exploited Vulnerability Catalog April 2024

Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and...

SUSE: Security Advisory (SUSE-SU-2024:1539-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1497-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1002-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1340-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1498-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0847-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1145-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0922-1)

The remote host is missing an update for...

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...

SUSE: Security Advisory (SUSE-SU-2024:0901-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1368-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1079-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1269-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1059-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1167-1)

The remote host is missing an update for...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro < 5.3.2 - Unauthenticated Arbitrary Shortcode Execution

Description The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does....

School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection

Description The The School Management Pro plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 10.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

SUSE: Security Advisory (SUSE-SU-2024:1355-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0899-1)

The remote host is missing an update for...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

SUSE: Security Advisory (SUSE-SU-2024:0834-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1304-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1534-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1375-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1144-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0832-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1350-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0864-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1170-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1114-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1451-1)

The remote host is missing an update for...

WP Migrate Pro < 2.6.11 - Unauthenticated PHP Object Injection

Description The WP Migrate Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...

SUSE: Security Advisory (SUSE-SU-2024:1475-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1139-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0917-1)

The remote host is missing an update for...