HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage Secondary Flash Arrays Security Vulnerabilities

libvirt vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libvirt - Libvirt virtualization toolkit Details Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of...

Adobe Animate Buffer Overflow Vulnerability (CNVD-2024-19001)

Adobe Animate is a set of Flash animation software from the American company Audobee (Adobe). Adobe Animate suffers from a buffer overflow vulnerability that stems from the application's susceptibility to out-of-bounds reads, leading to sensitive memory leaks that can be exploited by attackers to.....

flash-anzan.com Cross Site Scripting vulnerability OBB-3917839

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...

[SECURITY] [DSA 5658-1] linux security update

Debian Security Advisory DSA-5658-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-2176 CVE-2023-6270...

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application...

CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application...

CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application...

CVE-2024-30406

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials....

CVE-2024-30406

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials....

CVE-2024-30406 Junos OS Evolved: ACX Series with Paragon Active Assurance Test Agent: A local high privileged attacker can recover other administrators credentials

A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials....

CVE-2024-27261

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: ...

CVE-2024-27261

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: ...

CVE-2024-27261 IBM Storage Defender - Resiliency Service privilege escalation

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: ...

Sensitive Data Exposure

github.com/kopia/kopiais vulnerable to Sensitive Data Exposure. This vulnerability is due to the "repository status" CLI command with JSON output containing sensitive storage connection credentials which are inadvertently exposed to the...

Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database...

PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the.....

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-34967 DESCRIPTION: **Samba is vulnerable to a denial of service, caused.....

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

APKDeepLens - Android Security Insights In Full Spectrum

APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the...

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)

In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...

Security Bulletin: Improper integrity checking might affect IBM Storage Defender – Resiliency Service (CVE-2024-27261)

Summary IBM Storage Defender – Resiliency Service is vulnerable and that can result in data integrity issues. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-27261 DESCRIPTION: **IBM Storage Defender - Resiliency Service could allow a privileged user to install a.....

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition. Vulnerability Details Refer to the security bulletin(s) listed in the...

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see #3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has...

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see #3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has...

[SECURITY] Fedora 39 Update: rpm-ostree-2024.4-6.fc39

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on...

[SECURITY] Fedora 40 Update: rpm-ostree-2024.4-5.fc40

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on...

ROS-20240410-19

The MinIO object storage server vulnerability is related to flaws in access differentiation based on the UpdateServiceAccountAdminAction policy. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their...

virt:kvm_utils3 security update

hivex libguestfs libguestfs-winsupport [8.9-1] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236372 libiscsi libnbd libtpms libvirt [9.0.0-5] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-dbus...

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12276)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12276 advisory. A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function...

Patch Tuesday - April 2024

Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....

Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...

CVE-2024-29052

Windows Storage Elevation of Privilege...

CVE-2024-29052

Windows Storage Elevation of Privilege...

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the...

CVE-2024-29052 Windows Storage Elevation of Privilege Vulnerability

...

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious...

April 9, 2024—KB5036893 (OS Builds 22621.3447 and 22631.3447)

April 9, 2024—KB5036893 (OS Builds 22621.3447 and 22631.3447) 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise and Education editions. Home and Pro editions of version 22H2 will...

Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583)

Description of the security update for SharePoint Enterprise Server 2016: April 9, 2024 (KB5002583) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-26251......

Windows Storage Elevation of Privilege Vulnerability

...

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy...

K000139227 : amphp/http vulnerability CVE-2024-2653

Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. (CVE-2024-2653) Impact There is no impact; F5 products are not affected by this...

EulerOS 2.0 SP9 : shim (EulerOS-SA-2024-1497)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response....

KLA65511 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12271)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12271 advisory. [5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan...