AMD Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics “Picasso” FP5 Security Vulnerabilities

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...

ROS-20240626-09

Vulnerability of opj2_decompress program of OpenJPEG image encoding and decoding library is related to incorrect processing of a directory with a large number of files. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability of -ImgDir...

RHEL 9 : kernel (RHSA-2024:4108)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4108 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: use...

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2024:2197-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2197-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly from the...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2189-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2189-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress...

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's...

ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access...

Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)

A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording (NVR) devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...

Atlassian Jira < 9.4.21 / 9.12.x < 9.12.8 / 9.15.x < 9.16.0 (JRASERVER-77713)

The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-77713 advisory. This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information...

CVE-2024-34581

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

AMD Processors February 2024 Security Updates

AMD has informed HP of potential vulnerabilities identified in client platform firmware for some AMD processors, which might allow escalation of privilege, arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what...

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress.....

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.0.5)

The version of AOS installed on the remote host is prior to 6.8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.0.5 advisory. An information disclosure vulnerability exists in...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...

Hanwha Vision NVR Remote Code Execution (CVE-2023-6096)

By dismantling the firmware, an attacker can analyze internal information, as well as configure the manipulated firmware to update the product. If the attacker has the ability to log into the product, they can take control of it. This plugin only works with Tenable.ot. Please visit...

AI Coding Companions 2024: AWS, GitHub, Tabnine + More

AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before. This blog looks at how the landscape is changing and key features of market-leading.....

Jenkins plugins Multiple Vulnerabilities (2024-06-26)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Low Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before...

Rockwell Automation ThinManager ThinServer RCE (CVE-2024-5988)

The Rockwell Automation ThinManager ThinServer running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to execute arbitrary code with SYSTEM...

ROS-20240626-10

A vulnerability in the getUnpushedChanges() function of the dependency manager for PHP Composer is related to the use of the status and reinstall commands. status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary...

CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

pdoc embeds link to malicious CDN if math mode is enabled

Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed.....

pdoc embeds link to malicious CDN if math mode is enabled

Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed.....

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive...

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive...

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

Panic when parsing invalid palette-color images in golang.org/x/image

Parsing a corrupt or malicious image with invalid color indices can cause a...

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive...

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive...

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

CVE-2024-39469

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be.....

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

CVE-2024-39462

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign -&gt;num before accessing -&gt;hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -&gt;num before accessing -&gt;hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007....

CVE-2024-38385

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the.....

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)...

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...