Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details ** CVEID: CVE-2023-6516 DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

Denial Of Service Via Account Lockout

org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...

Server-side Template Injection (SSTI)

document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...

CVE-2024-5953

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Mitigation Mitigation for this issue is either not available or....

Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Windows

Firefox ESR is prone to multiple ...

Security Updates for Microsoft Dynamics 365 (on-premises) (June 2024)

The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. Note that Nessus has not tested for these issues but has instead relied only on...

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability

Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM...

Ubuntu: Security Advisory (USN-6819-3)

The remote host is missing an update for...

CentOS 7 : 389-ds-base (RHSA-2024:3591)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3591 advisory. A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while...

Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases...

KLA68933 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...

Virtuoso Open-Source Edition vulnerabilities

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages virtuoso-opensource - high-performance database Details Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker...

Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - MAC OS X

Google Chrome is prone to multiple ...

Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Windows

Mozilla Firefox is prone to multiple ...

Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Mac OS X

Mozilla Firefox is prone to multiple ...

NVIDIA Windows GPU Display Driver (June 2024)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, including the following: NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of...

RHEL 9 : expat (RHSA-2024:3926)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3926 advisory. Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service...

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (June 2024)

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...

SAP NetWeaver AS Java DoS (3460407)

SAP NetWeaver Application Server for Java is affected by denial of service vulnerability: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This...

Option to Add Veeam Kasten for Kubernetes Does Not Appear in Veeam Backup & Replication

This issue may occur if the Veeam Kubernetes Service is not running and needs to be started or the Kasten Plug-In is not...

Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Linux

Google Chrome is prone to multiple ...

Ubuntu: Security Advisory (USN-6831-1)

The remote host is missing an update for...

Mozilla Firefox ESR Security Update (mfsa_2024-23_2024-26) - Mac OS X

Firefox ESR is prone to multiple ...

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo() function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial....

Ubuntu: Security Advisory (USN-6829-1)

The remote host is missing an update for...

CVE-2024-0092

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Notes Author| Note ---|--- mdeslaur | some binary drivers are no longer support by NVidia, so they are marked as ignored...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6832-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...

NVIDIA Linux GPU Display Driver (June 2024)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful...

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code...

Zoom Workplace Desktop App < 5.17.11 Divide By Zero Vulnerability (ZSB-24018)

The version of Zoom Workplace Desktop App installed on the remote host is prior to 5.17.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-24018 advisory. Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of ...

(0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...

DR Restore - Internal error occurred: Could not retrieve artifacts for prefix

During the DR restore process the catalog service is scaled down, so when the DR Restore is re-initiated, it searches for the catalog which is not available at that time because it has been scaled...

SAP NetWeaver AS ABAP DoS (3453170)

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....

Ubuntu: Security Advisory (USN-6830-1)

The remote host is missing an update for...

Elasticsearch 8.13.1 <= 8.13.4 DoS (ESA-2024-14)

The version of Elasticsearch installed on the remote host is between 8.13.1 and 8.13.4. It is, therefore, affected by a denial of service (DoS) vulnerability as referenced in the ESA-2024-14 advisory: A flaw was discovered in Elasticsearch, affecting document ingestion when an index template...

KLA68934 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in...

(0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The...

(0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of...

CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Bugs ...

Google Chrome Security Update (stable-channel-update-for-desktop-2024-06) - Windows

Google Chrome is prone to multiple ...

Adobe Audition Multiple Vulnerabilities (APSB24-32) - Windows

Adobe Audition is prone to multiple ...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

CVE-2024-0091

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. Notes Author| Note...

VTE vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages vte2.91 - Terminal emulator widget for GTK Details Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this issue to consume...

matio vulnerability

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libmatio - MAT File I/O Library - development files Details It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of...

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...