HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

redhat

(RHSA-2024:2079) Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

7.3AI Score

0.0004EPSS

2024-04-29 01:07 AM
7
nessus

Fedora 39 : golang-helm-3 (2023-46c95e2c57)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-46c95e2c57 advisory. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. (CVE-2022-1996) Helm is a tool for...

9.1CVSS

7.5AI Score

0.003EPSS

2024-04-29 12:00 AM
8
cvelist

CVE-2023-52080

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When...

7AI Score

0.0004EPSS

2024-04-29 12:00 AM
ubuntu

libvirt vulnerabilities

Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled...

6.2CVSS

7.2AI Score

0.001EPSS

2024-04-29 12:00 AM
15
nessus

Fedora 40 : firecracker / libkrun / rust-event-manager / rust-kvm-bindings / etc (2024-9974808629)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-9974808629 advisory. vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to...

9.8CVSS

6.7AI Score

0.001EPSS

2024-04-29 12:00 AM
3
vulnrichment

CVE-2023-52080

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When...

7.1AI Score

0.0004EPSS

2024-04-29 12:00 AM
nessus

RHEL 9 : git-lfs (RHSA-2024:2079)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2079 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

6.8AI Score

0.0004EPSS

2024-04-29 12:00 AM
3
osv

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

7.6AI Score

0.0004EPSS

2024-04-29 12:00 AM
3
almalinux

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...

7.6AI Score

0.0004EPSS

2024-04-29 12:00 AM
11
nessus

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...

6.2CVSS

6.9AI Score

0.001EPSS

2024-04-29 12:00 AM
13
f5

K000139429 : Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098

Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition:...

3.7CVSS

5.3AI Score

0.0005EPSS

2024-04-29 12:00 AM
7
nessus

Fedora 40 : golang-cloud-google / golang-cloud-google-bigquery / etc (2023-f23d9c5057)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f23d9c5057 advisory. Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some...

7.8CVSS

6.9AI Score

0.002EPSS

2024-04-29 12:00 AM
3
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

7.8CVSS

8AI Score

0.001EPSS

2024-04-29 12:00 AM
13
debiancve

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

7.4AI Score

0.0004EPSS

2024-04-28 01:15 PM
4
cve

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

7AI Score

0.0004EPSS

2024-04-28 01:15 PM
29
nvd

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

6.8AI Score

0.0004EPSS

2024-04-28 01:15 PM
vulnrichment

CVE-2022-48665 exfat: fix overflow for large capacity partition

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

7.2AI Score

0.0004EPSS

2024-04-28 01:01 PM
cvelist

CVE-2022-48665 exfat: fix overflow for large capacity partition

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

7AI Score

0.0004EPSS

2024-04-28 01:01 PM
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-barbican) (RHSA-2023:6231)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6231 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security...

6.6CVSS

6.4AI Score

0.0004EPSS

2024-04-28 12:00 AM
1
nessus

RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-glance) (RHSA-2023:1280)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1280 advisory. OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image...

5.7CVSS

5.8AI Score

0.003EPSS

2024-04-28 12:00 AM
2
ubuntucve

CVE-2022-48665

In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 bytes and partition capacity is larger than...

6.9AI Score

0.0004EPSS

2024-04-28 12:00 AM
4
nessus

RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2019:1258)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1258 advisory. mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) mysql: Server: Optimizer unspecified...

7.7CVSS

7.3AI Score

0.004EPSS

2024-04-28 12:00 AM
2
nessus

RHEL 7 / 8 : Synopsis: Red Hat OpenStack Platform (openstack-cinder) (RHSA-2023:1279)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1279 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through...

5.7CVSS

6.2AI Score

0.003EPSS

2024-04-28 12:00 AM
nessus

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-swift) (RHSA-2023:1013)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1013 advisory. OpenStack Object Storage (swift) aggregates commodity servers to work together in clusters for reliable, redundant, and large-scale storage ...

6.5CVSS

6.5AI Score

0.001EPSS

2024-04-28 12:00 AM
2
nessus

RHEL 9 : kernel (RHSA-2024:0461)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0461 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tun: bugs for oversize...

8.8CVSS

9.1AI Score

0.024EPSS

2024-04-28 12:00 AM
3
nessus

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3663)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3663 advisory. http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048) springframework: BCrypt skips salt rounds for work factor of 31...

9.6CVSS

7.6AI Score

0.01EPSS

2024-04-28 12:00 AM
4
nessus

RHEL 8 : Red Hat OpenShift Container Storage 4.6 update (Moderate) (RHSA-2020:5606)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5606 advisory. golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) golang: data race...

7.5CVSS

7AI Score

0.037EPSS

2024-04-28 12:00 AM
4
nessus

RHEL 7 : openstack-nova (RHSA-2019:2652)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2652 advisory. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform....

6.5CVSS

6.5AI Score

0.001EPSS

2024-04-28 12:00 AM
2
nessus

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-cinder) (RHSA-2023:1016)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1016 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through custom...

5.7CVSS

5.7AI Score

0.003EPSS

2024-04-28 12:00 AM
3
nessus

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-glance) (RHSA-2023:1017)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1017 advisory. OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image Service...

5.7CVSS

5.5AI Score

0.003EPSS

2024-04-28 12:00 AM
2
nessus

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin...

9.9CVSS

6.7AI Score

0.01EPSS

2024-04-28 12:00 AM
4
nessus

RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-swift) (RHSA-2023:1277)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1277 advisory. OpenStack Object Storage (swift) aggregates commodity servers to work together in clusters for reliable, redundant, and large-scale...

6.5CVSS

6.5AI Score

0.001EPSS

2024-04-28 12:00 AM
3
nessus

RHEL 7 : openstack-cinder (RHSA-2019:0917)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0917 advisory. OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend...

7.5CVSS

6.4AI Score

0.002EPSS

2024-04-27 12:00 AM
2
nessus

RHEL 6 : CloudForms Commons 1.1 (RHSA-2012:1542)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1542 advisory. Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service (IaaS) product that lets you create and manage private...

9.1AI Score

0.133EPSS

2024-04-27 12:00 AM
1
nessus

RHEL 7 : python-keystoneclient (RHSA-2014:1784)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1784 advisory. Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. It was found that...

6.4AI Score

0.003EPSS

2024-04-27 12:00 AM
1
f5

K000139423 : OpenJDK vulnerabilities CVE-2024-21002, CVE-2024-21003, and CVE-2024-21004

Security Advisory Description CVE-2024-21002 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to...

3.1CVSS

5.4AI Score

0.0005EPSS

2024-04-27 12:00 AM
17
nessus

RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1593)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1593 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service...

7.5CVSS

7.5AI Score

0.964EPSS

2024-04-27 12:00 AM
3
nessus

RHEL 6 : katello (RHSA-2012:1186)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1186 advisory. Katello allows you to manage the application life-cycle for Linux systems. Katello is used by CloudForms System Engine, an Infrastructure as a...

9.8CVSS

6.4AI Score

0.015EPSS

2024-04-27 12:00 AM
2
nessus

RHEL 5 / 6 : Red Hat Storage 2.0 security, update #3 (Low) (RHSA-2012:1456)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1456 advisory. GlusterFS: insecure temporary file creation (CVE-2012-4417) Note that Nessus has not tested for this issue but has instead relied only on the...

7AI Score

0.0004EPSS

2024-04-27 12:00 AM
1
nessus

RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:3655)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3655 advisory. mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) mysql: Server: Security: Privileges unspecified...

7.7CVSS

7.2AI Score

0.006EPSS

2024-04-27 12:00 AM
3
nessus

RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1627)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1627 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service...

7.5CVSS

7.5AI Score

0.964EPSS

2024-04-27 12:00 AM
1
ibm

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to denial of service. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...

5.9CVSS

5.8AI Score

0.0004EPSS

2024-04-26 11:22 PM
11
cve

CVE-2024-28327

Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router...

6.5AI Score

0.0004EPSS

2024-04-26 07:15 PM
26
nvd

CVE-2024-28327

Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router...

6.3AI Score

0.0004EPSS

2024-04-26 07:15 PM
nvd

CVE-2024-4235

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

2.7CVSS

3.7AI Score

0.0004EPSS

2024-04-26 06:15 PM
cve

CVE-2024-4235

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

2.7CVSS

6.7AI Score

0.0004EPSS

2024-04-26 06:15 PM
29
cvelist

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

2.7CVSS

4.2AI Score

0.0004EPSS

2024-04-26 05:31 PM
2
vulnrichment

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

2.7CVSS

6.8AI Score

0.0004EPSS

2024-04-26 05:31 PM
thn

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-04-26 02:03 PM
19
veracode

Improper Input Validation

vyper is vulnerable to Improper Input Validation. The vulnerability is caused by improper handling of memory or storage arguments in the raw_log builtin, which results in incorrect values being logged when these arguments are used as...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-04-26 05:06 AM
4
Total number of security vulnerabilities: 62209