Armoury Crate & Aura Creator Installer (ROG Live Service) Security Vulnerabilities

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4067 DESCRIPTION: **Node.js micromatch module is vulnerable to a...

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details ** CVEID:...

curl: Denial of Service in curl Request - HTTP headers eat all memory

Summary: Curl's unrestricted header storage lets malicious servers overwhelm memory, leading to out of Memory ( DOS) . When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many....

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

Denial Of Service (DoS)

org.elasticsearch: elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions....

CVE-2024-35328

A flaw was found in the libyaml library. Setting a YAML string with the yaml_parser_set_input_string function to be parsed by the yaml_parser_parse function can cause an infinite loop, resulting in a denial of service in the application linked to the library. Mitigation Applications that do not...

CVE-2024-37535

A flaw was found in gnome VTE. This flaw allows an attacker to cause a denial of service via a window resize escape...

CVE-2024-34364

A flaw was found in Envoy's ext_proc and ext_authz functions. This flaw allows a remote, unauthenticated attacker to trigger excessive memory consumption, causing a denial of...

CVE-2024-34363

A flaw was found in Envoy's access log JSON formatter. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

CVE-2024-34362

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

CVE-2024-32976

A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of...

CVE-2024-32975

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

CVE-2024-32974

A flaw was found in Envoy's QUIC stack. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of...

CVE-2023-46103

A flaw was found in intel-microcode. The sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra processors that may allow an authenticated user to enable a denial of service via local access. Mitigation Mitigation for this issue is either not available or the...

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-27982 ...

Rocky Linux 9 : nodejs (RLSA-2024:2910)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of...

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6821-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-4 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2024:2985)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2985 advisory. * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via...

Rocky Linux 8 : .NET 8.0 (RLSA-2024:3345)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3345 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

Linux kernel vulnerabilities

Releases Ubuntu 24.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gke - Linux kernel for Google Container Engine (GKE) systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions,...

Debian dsa-5710 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5710 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5710-1 [email protected] ...

Rocky Linux 8 : python-dns (RLSA-2024:3275)

The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:3275 advisory. * dnspython: denial of service in stub resolver (CVE-2023-29483) Tenable has extracted the preceding description block directly from the Rocky Linux security...

Linux kernel (Azure) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems Details It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a...

Openshift Authentication - Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token

Theis issue is observed when the token provided while configuring oAuth does not match with the service account...

ROS-20240614-02

The vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. int and str data types. Exploitation of the vulnerability could allow an attacker to cause a denial of service due to the algorithmic...

Rocky Linux 8 : .NET 7.0 (RLSA-2024:3340)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3340 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

Rocky Linux 8 : python3 (RLSA-2024:3347)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3347 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Windows

Google Chrome is prone to a stack-based buffer overflow...

Google Chrome Security Update (stable-channel-update-for-desktop_13-2024-02) - Linux

Google Chrome is prone to a stack-based buffer overflow...

Rocky Linux 9 : .NET 8.0 (RLSA-2024:2842)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2842 advisory. * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in...

Rocky Linux 8 : idm:DL1 (RLSA-2024:3044)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3044 advisory. * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) Tenable has extracted the preceding description block directly...

AlmaLinux 9 : 389-ds-base (ALSA-2024:3837)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3837 advisory. * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause...

Ubuntu: Security Advisory (USN-6833-1)

The remote host is missing an update for...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2019-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following...