Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

debian

[SECURITY] [DLA 3516-1] burp security update

Debian LTS Advisory DLA-3516-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton August 05, 2023 https://wiki.debian.org/LTS Package : burp Version : 2.1.32-2+deb10u1 CVE ID :...

7.5CVSS

8AI Score

0.01EPSS

2023-08-05 03:23 PM
10
nessus

Debian DLA-3516-1 : burp - LTS security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3516 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...

7.5CVSS

8.2AI Score

0.01EPSS

2023-08-05 12:00 AM
9
nessus

Fedora 37 : yajl (2023-852b377773)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-852b377773 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.3AI Score

0.01EPSS

2023-07-27 12:00 AM
8
nessus

EulerOS Virtualization 3.0.6.6 : libxml2 (EulerOS-SA-2023-2412)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

7.8CVSS

6.7AI Score

0.004EPSS

2023-07-26 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2412)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-07-25 12:00 AM
5
nessus

Amazon Linux 2023 : yajl, yajl-devel (ALAS2023-2023-263)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-263 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when...

7.5CVSS

8.1AI Score

0.01EPSS

2023-07-20 12:00 AM
7
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

The Log4j vulnerability, also known as "Log4Shell" or...

10CVSS

10AI Score

0.976EPSS

2023-07-19 06:18 PM
31
nessus

Ubuntu 16.04 ESM / 18.04 ESM : YAJL vulnerabilities (USN-6233-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6233-1 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with...

7.5CVSS

8.2AI Score

0.01EPSS

2023-07-18 12:00 AM
4
nessus

Fedora 38 : yajl (2023-00572178e1)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-00572178e1 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.3AI Score

0.01EPSS

2023-07-16 12:00 AM
10
openvas

Debian: Security Advisory (DLA-3492-1)

The remote host is missing an update for the...

7.5CVSS

7.3AI Score

0.01EPSS

2023-07-12 12:00 AM
4
debian

[SECURITY] [DLA 3492-1] yajl security update

Debian LTS Advisory DLA-3492-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost July 11, 2023 https://wiki.debian.org/LTS Package : yajl Version : 2.1.0-3+deb10u2 CVE ID :...

7.5CVSS

8.1AI Score

0.01EPSS

2023-07-11 05:48 PM
7
nessus

Debian DLA-3492-1 : yajl - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3492 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...

7.5CVSS

7.7AI Score

0.01EPSS

2023-07-11 12:00 AM
14
githubexploit

7.8CVSS

7.7AI Score

0.001EPSS

2023-07-10 06:38 AM
24
qualysblog

Qualys Performance Tuning Series: Qualys Cloud Agent Configuration Best Practice

The following blog is part of our Qualys Performance Tuning Series. The first blog covered the topic of optimizing performance through the removal of stale assets. This series aims to provide you with comprehensive guidance on how to enhance the efficiency and effectiveness of your Qualys...

7.3AI Score

2023-07-06 07:31 PM
11
openvas

SUSE: Security Advisory (SUSE-SU-2023:2783-1)

The remote host is missing an update for...

9.1CVSS

7.3AI Score

0.008EPSS

2023-07-06 12:00 AM
8
nessus

Amazon Linux 2 : yajl (ALAS-2023-2101)

The version of yajl installed on the remote host is prior to 2.0.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2101 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

7.5CVSS

7.9AI Score

0.01EPSS

2023-07-01 12:00 AM
6
nessus

NVIDIA Linux GPU Display Driver (Jun 2023)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with...

7.8CVSS

7.6AI Score

0.001EPSS

2023-06-30 12:00 AM
10
nessus

NVIDIA Windows GPU Display Driver (Jun 2023)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities, as follows: NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to code...

8.8CVSS

8.5AI Score

0.001EPSS

2023-06-30 12:00 AM
7
cve

CVE-2023-2290

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary...

6.7CVSS

6.7AI Score

0.0004EPSS

2023-06-26 08:15 PM
13
cve

CVE-2023-25520

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...

5.5CVSS

5.6AI Score

0.0004EPSS

2023-06-23 06:15 PM
26
nvd

CVE-2023-25520

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...

5.5CVSS

4.7AI Score

0.0004EPSS

2023-06-23 06:15 PM
nvd

CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

6.8CVSS

6.9AI Score

0.001EPSS

2023-06-23 06:15 PM
cve

CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

7.1CVSS

6.6AI Score

0.001EPSS

2023-06-23 06:15 PM
29
prion

Design/Logic Flaw

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

6.8CVSS

6.6AI Score

0.001EPSS

2023-06-23 06:15 PM
8
prion

Design/Logic Flaw

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...

5.5CVSS

5.7AI Score

0.0004EPSS

2023-06-23 06:15 PM
8
cvelist

CVE-2023-25520

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of...

4.4CVSS

6AI Score

0.0004EPSS

2023-06-23 05:23 PM
2
cvelist

CVE-2023-25518

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of...

7.1CVSS

7.1AI Score

0.001EPSS

2023-06-23 05:09 PM
nvidia

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - June 2023

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....

7.1CVSS

6.9AI Score

0.001EPSS

2023-06-23 12:00 AM
8
amazon

Medium: yajl

Issue Overview: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may...

7.5CVSS

8.3AI Score

0.01EPSS

2023-06-21 07:11 PM
11
kitploit

Scanner-and-Patcher - A Web Vulnerability Scanner And Patcher

This tool is very helpful for finding vulnerabilities present in web applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves generation of malicious inputs and evaluation of...

7.8AI Score

2023-06-21 12:30 PM
52
nessus

EulerOS Virtualization 3.0.6.0 : yajl (EulerOS-SA-2023-2217)

According to the versions of the yajl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

7.5CVSS

7.9AI Score

0.01EPSS

2023-06-13 12:00 AM
5
nessus

EulerOS Virtualization 3.0.6.0 : libxml2 (EulerOS-SA-2023-2212)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) An issue was discovered in libxml2...

7.8CVSS

6AI Score

0.004EPSS

2023-06-13 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-2217)

The remote host is missing an update for the Huawei...

7.5CVSS

7.7AI Score

0.01EPSS

2023-06-12 12:00 AM
5
nessus

EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2023-2039)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

7.8CVSS

6.7AI Score

0.004EPSS

2023-06-07 12:00 AM
5
nessus

EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2023-2091)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

7.8CVSS

6.7AI Score

0.004EPSS

2023-06-07 12:00 AM
1
nessus

EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2023-1924)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

6.7AI Score

0.004EPSS

2023-05-16 12:00 AM
9
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1924)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-05-16 12:00 AM
6
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1893)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-05-16 12:00 AM
4
nessus

EulerOS Virtualization 2.10.1 : libxml2 (EulerOS-SA-2023-1893)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

6.7AI Score

0.004EPSS

2023-05-16 12:00 AM
7
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1726)

The remote host is missing an update for the Huawei...

7.5CVSS

7.7AI Score

0.01EPSS

2023-05-08 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1740)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-05-08 12:00 AM
6
nessus

EulerOS Virtualization 3.0.2.0 : yajl (EulerOS-SA-2023-1726)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

7.9AI Score

0.01EPSS

2023-05-07 12:00 AM
7
nessus

EulerOS Virtualization 3.0.2.0 : libxml2 (EulerOS-SA-2023-1740)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

6.7AI Score

0.004EPSS

2023-05-07 12:00 AM
7
nessus

Amazon Linux AMI : libxml2 (ALAS-2023-1743)

The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1743 advisory. parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the ...

8AI Score

0.017EPSS

2023-05-04 12:00 AM
8
amazon

Medium: libxml2

Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. (CVE-2017-16931) GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in.....

8.8CVSS

7.4AI Score

0.017EPSS

2023-04-27 04:19 PM
17
nessus

EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2023-1660)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

7.7AI Score

0.004EPSS

2023-04-27 12:00 AM
11
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-04-27 12:00 AM
5
openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1626)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-04-27 12:00 AM
6
nessus

EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-1626)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...

8AI Score

0.004EPSS

2023-04-27 12:00 AM
11
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.318.7.1.el7] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time (Alexandre Chartre) [Orabug: 33312587] - KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set (Alexandru Elisei) [Orabug: 33312587] - KVM: arm64: pmu: Only handle supported event...

8.8CVSS

7.9AI Score

0.0004EPSS

2023-04-17 12:00 AM
43
Total number of security vulnerabilities: 1276