Countdown, Coming Soon, Maintenance – Countdown & Clock Security Vulnerabilities

SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:1711-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1711-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:1713-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1713-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header...

SUSE SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP3) (SUSE-SU-2024:1707-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1707-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP2) (SUSE-SU-2024:1729-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1729-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 38 for SLE 15 SP3) (SUSE-SU-2024:1706-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1706-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an...

jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

Description The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:1726-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1726-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 42 for SLE 15 SP2) (SUSE-SU-2024:1709-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1709-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 35 for SLE 15 SP3) (SUSE-SU-2024:1720-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1720-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:1732-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1732-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 33 for SLE 15 SP3) (SUSE-SU-2024:1736-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1736-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP4) (SUSE-SU-2024:1739-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1739-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a...

SUSE SLES15 Security Update : kernel (Live Patch 37 for SLE 15 SP2) (SUSE-SU-2024:1735-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1735-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 8 for SLE 15 SP5) (SUSE-SU-2024:1705-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1705-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

The Wordfence Affiliate Program Officially Launches Today

Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-30260 DESCRIPTION: **Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a...

SUSE SLES15 Security Update : kernel RT (Live Patch 3 for SLE 15 SP5) (SUSE-SU-2024:1677-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1677-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel (Live Patch 37 for SLE 15 SP3) (SUSE-SU-2024:1696-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1696-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2024:1695-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1695-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel RT (Live Patch 8 for SLE 15 SP5) (SUSE-SU-2024:1679-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1679-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel RT (Live Patch 9 for SLE 15 SP5) (SUSE-SU-2024:1685-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1685-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

Stable Channel Update for Desktop

The Stable channel has been updated to 125.0.6422.76/.77 for Windows, Mac and 125.0.6422.76 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:1682-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1682-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:1680-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1680-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

SUSE SLES12 Security Update : kernel (Live Patch 51 for SLE 12 SP5) (SUSE-SU-2024:1692-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1692-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

Deploy and Scale Spring Batch in the Cloud – with Adaptive Cost Control

May 21, 2024, at 9 AM PST You can now use Azure Spring Apps to effectively run Spring Batch applications with adaptive cost control. You only pay when batch jobs are running, and you can simply lift and shift your Spring Batch jobs with no code change. Spring Batch is a framework for processing...

SUSE SLES12 Security Update : kernel (Live Patch 43 for SLE 12 SP5) (SUSE-SU-2024:1686-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1686-1 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-&gt;mac_header If an...

New Windows 11 features strengthen security to address evolving cyberthreat landscape

Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of PCs, we are introducing important security features and updates that make Windows 11 more secure for users and organizations and give developers the tools.....

New Windows 11 features strengthen security to address evolving cyberthreat landscape

In this article Cybersecurity at the forefront of all we do Modern, secure hardware Stay ahead of evolving threats with Windows Explore the new Windows 11 security features Ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this...

CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and.....

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally...

Financial institutions ordered to notify customers after a breach, have an incident response plan

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents— that require them to have written incident response policies and procedures that can be...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-043)

The version of kernel installed on the remote host is prior to 5.15.158-103.164. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-043 advisory. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-057)

The version of kernel installed on the remote host is prior to 5.10.216-204.855. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-057 advisory. 2024-05-23: CVE-2024-26923 was added to this advisory. In the Linux kernel, the following vulnerability...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-065)

The version of kernel installed on the remote host is prior to 5.4.275-189.375. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-065 advisory. 2024-05-23: CVE-2024-26923 was added to this advisory. A flaw was found in the smb client in the Linux...

Landing Page Builder < 1.5.1.9 - Reflected Cross-Site Scripting via pageType

Description The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the pageType parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and...

CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

CVE-2024-35942 pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

CVE-2024-35942

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

Security Bulletin: IBM Aspera Faspex 5.0.7 has addressed a cross-site scripting vulnerability (CVE-2022-40744)

Summary IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details **...

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0 File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...

CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...

CVE-2024-27405 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a...