AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,NetEngine16EX,SRG1300,SRG2300,SRG3300 Security Vulnerabilities

Security Bulletin: IBM Java and IBM WebSphere Application Server used by ISVG - Identity Manager have multiple vulnerabilities

Summary IBM Security Verify Governance - Identity Manager ships with IBM Java SDK and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security...

CVE-2024-35844

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc...

CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register....

CVE-2024-35844 f2fs: compress: fix reserve_cblocks counting error when out of space

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc...

CVE-2023-52676 bpf: Guard stack limits against 32bit overflow

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register....

CVE-2024-5050

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated.....

CVE-2023-52671

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being...

CVE-2023-52665

In the Linux kernel, the following vulnerability has been resolved: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way that is incompatible with the...

CVE-2023-52671 drm/amd/display: Fix hang/underflow when transitioning to ODM4:1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being...

CVE-2023-52665 powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

In the Linux kernel, the following vulnerability has been resolved: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way that is incompatible with the...

Akamai?s Perspective on May?s Patch Tuesday 2024

...

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...

Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway

Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection...

CVE-2024-27415

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager (April 2024)

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes...

CVE-2024-27415 netfilter: bridge: confirm multicast packets before passing them up the stack

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges......

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affects App Connect Professional

Summary App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details ** CVEID: CVE-2024-24549 DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending specially...

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum's backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be...

Impacts on ICS from the updated Cyber Assessment Framework (CAF)

NCSC has released an update of the Cyber Assessment Framework (CAF). The CAF represents where the rubber hits the road for the UK’s NIS regulations. TL;DR The NCSC CAF has been updated to version 3.2. There has been a material change to three aspects of the CAF. The changes are broadly sensible...

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...

Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2024-1701)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2024-1686)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1709)

The remote host is missing an update for the Huawei...

Mageia: Security Advisory (MGASA-2024-0179)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1673)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2024-1679)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for linux-firmware (EulerOS-SA-2024-1692)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1703)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1672)

The remote host is missing an update for the Huawei...

Ubuntu: Security Advisory (USN-6777-1)

The remote host is missing an update for...

K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008

Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...

Huawei EulerOS: Security Advisory for python-configobj (EulerOS-SA-2024-1699)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1683)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1706)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2024-1710)

The remote host is missing an update for the Huawei...

Mageia: Security Advisory (MGASA-2024-0178)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1684)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1695)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1693)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2024-1674)

The remote host is missing an update for the Huawei...

K000139667: MySQL vulnerability CVE-2024-21056

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-1711)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1705)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libtommath (EulerOS-SA-2024-1688)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2024-1689)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1685)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1702)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-1687)

The remote host is missing an update for the Huawei...

OpenSSL DoS Vulnerability (20240516) - Windows

OpenSSL is prone to a denial of service (DoS)...

Ubuntu: Security Advisory (USN-6778-1)

The remote host is missing an update for...