Fedora: Security Advisory for pandoc (FEDORA-2024-b458482d48)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
Fedora: Security Advisory for pandoc (FEDORA-2024-6ad6b9f417)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
Security Advisory 0095 PDF Date: April 3, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-3094 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description Arista Networks is providing this...
10CVSS
6.6AI Score
0.133EPSS
Security Bulletin: NVIDIA CUDA Toolkit - April 2024
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...
3.3CVSS
6.7AI Score
0.0004EPSS
Elasticsearch 8.4.0 < 8.11.1 DoS (ESA-2024-05)
The version of Elasticsearch installed on the remote host is between 8.4.0 and prior to 8.11.1. It is, therefore, affected by a denial of service (DoS) vulnerability, due to an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor through the REST API. The...
4.3CVSS
4.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. When HW platform has more then 64 cpus, system will crash on these platforms. MAX_CORE_PIC is the maximum cpu....
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to silence such warnings (and also avoid potential errors due to unexpected interrupts): WARNING: CPU: 1....
7.6AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query on certain columnar table. Vulnerability Details ** CVEID: CVE-2024-22360 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially...
5.3CVSS
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details ** CVEID: CVE-2024-27254 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a...
5.3CVSS
6.7AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2024-25046 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service by an authenticated user using a specially...
5.3CVSS
6.6AI Score
0.0004EPSS
Summary IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. Vulnerability Details ** CVEID: CVE-2023-52296 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service when quering a...
5.3CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce:...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...
7.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
6.4AI Score
0.0004EPSS
CVE-2024-26675 ppp_async: limit MRU to 64K
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...
7.6AI Score
0.0004EPSS
CVE-2024-26674 x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...
6.8AI Score
0.0004EPSS
CVE-2023-52635 PM / devfreq: Synchronize devfreq_monitor_[start/stop]
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adopt the same sanity che...
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardwa...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
7.6AI Score
0.0004EPSS
CVE-2023-33101 Incorrect Type Conversion or Cast in Multi-Mode Call Processor
Transient DOS while processing DL NAS TRANSPORT message with payload length...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-33100 Improper input validation in Multi-Mode Call Processor
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...
7.5CVSS
6.9AI Score
0.0004EPSS
CVE-2023-33100 Improper input validation in Multi-Mode Call Processor
Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP...
7.5CVSS
7.8AI Score
0.0004EPSS
CVE-2023-33099 Improper Input Validation in Multi-Mode Call Processor
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...
7.5CVSS
7AI Score
0.0005EPSS
CVE-2023-33099 Improper Input Validation in Multi-Mode Call Processor
Transient DOS while processing SMS container of non-standard size received in DL NAS transport in...
7.5CVSS
7.8AI Score
0.0005EPSS
Elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw that causes the Elasticsearch ingest node which parses PDF files to crash. Notably, this issue does not occur with password-protected or unencrypted PDF files, and requires the attachment processor to be...
4.3CVSS
6.7AI Score
0.0004EPSS
Updated microcode packages fix security vulnerabilities
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-22655) Information exposure through microarchitectural state after...
6.5CVSS
7.8AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: pandoc-2.19.2-22.fc38
Pandoc is a Haskell library for converting from one markup format to anothe r, and a command-line tool that uses this library. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiD oc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML...
6.3CVSS
7.1AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to anothe r. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiD oc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -.....
6.3CVSS
6.2AI Score
0.001EPSS
A flaw was found in the Elasticsearch package. An uncaught exception occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with.....
4.3CVSS
7AI Score
0.0004EPSS
Elasticsearch Uncaught Exception leading to crash
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
7AI Score
0.0004EPSS
Elasticsearch Uncaught Exception leading to crash
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
7AI Score
0.0004EPSS
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
4.4AI Score
0.0004EPSS
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
4.3AI Score
0.0004EPSS
CVE-2024-23449 Elasticsearch Uncaught Exception
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
4.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: pandoc-3.1.3-29.fc40
Pandoc is a Haskell library for converting from one markup format to anothe r. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiD oc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -.....
6.3CVSS
6.3AI Score
0.001EPSS
Fedora: Security Advisory for pandoc (FEDORA-2024-7d83cbccb6)
The remote host is missing an update for...
6.3CVSS
6.3AI Score
0.001EPSS
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
4.3CVSS
7.1AI Score
0.0004EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to confidentiality impacts [CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945] and a timing-based side-channel attack [CVE-2023-33850] as described in the...
7.5CVSS
7AI Score
0.001EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7.5AI Score
0.0004EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7AI Score
0.0004EPSS
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and...
7.4CVSS
7.8AI Score
0.0004EPSS
Important: libreoffice security fix update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
8.8CVSS
7.3AI Score
0.001EPSS
libreoffice security fix update
An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...
8.8CVSS
7.5AI Score
0.001EPSS