Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

Unbreakable Enterprise kernel security update

[5.4.17-2136.318.7.1] - KVM: arm64: Disabling disabled PMU counters wastes a lot of time (Alexandre Chartre) [Orabug: 33312587] - KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P is set (Alexandru Elisei) [Orabug: 33312587] - KVM: arm64: pmu: Only handle supported event counters...

Mageia: Security Advisory (MGASA-2023-0009)

The remote host is missing an update for...

(RHSA-2023:1468) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

Amazon Linux 2 : libxml2 (ALAS-2023-1996)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1996 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

Unbreakable Enterprise kernel security update

[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-096)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-096 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308) In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c...

Amazon Linux 2023 : xmlsec1, xmlsec1-devel, xmlsec1-openssl (ALAS2023-2023-097)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-097 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This...

CBL Mariner 2.0 Security Update: libxml2 (CVE-2022-40303)

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-40303 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the ...

CBL Mariner 2.0 Security Update: rubygem-yajl-ruby (CVE-2022-24795)

The version of rubygem-yajl-ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24795 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the...

Medium: libxml2

Issue Overview: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...

KB5023788: Servicing stack update for Windows Server 2016: March 14, 2023

KB5023788: Servicing stack update for Windows Server 2016: March 14, 2023 ReminderWindows 10, version 1607 Mobile and Mobile Enterprise editions reached end of service on October 9, 2018.Windows 10, version 1607 for Education, Enterprise, and IoT Enterprise reached end of service on April 9, 2019.....

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1510)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2023-1510)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

Multiple XSS @ answer/question/tag

Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. # Proof of Concept Posting the Question: func (req *QuestionAdd) Check() (errFields []*validator.FormErrorField,...

Meinberg LANTIME Detection Consolidation

Consolidation of Meinberg LANTIME NTP Timeserver device ...

Fedora: Security Advisory for plasma-nano (FEDORA-2023-e31c3e4b6c)

The remote host is missing an update for...

[SECURITY] Fedora 37 Update: plasma-nano-5.27.1-1.fc37

%{Summary}...

Fedora 37 : bluedevil / breeze-gtk / flatpak-kcm / grub2-breeze-theme / etc (2023-e31c3e4b6c)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-e31c3e4b6c advisory. Plasma 5.27.1 ---- Add patch to disable global shortcuts at login for the SDDM Plasma Wayland configuration (#2171332) (FEDORA-2023-e31c3e4b6c) ...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

Unbreakable Enterprise kernel security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2023-1393)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1393)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2023-1365)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1365)

The remote host is missing an update for the Huawei...

Sandfly-Entropyscan - Tool To Detect Packed Or Encrypt ed Binaries Related To Malware, Finds Malicious Files And Linux Processes And Gives Output With Cryptographic Hashes

What is sandfly-entropyscan? sandfly-entropyscan is a utility to quickly scan files or running processes and report on their entropy (measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed or encrypted and shows very high entropy. This tool can...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1304)

The remote host is missing an update for the Huawei...

CVE-2022-40134

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM...

EulerOS Virtualization 3.0.2.2 : yajl (EulerOS-SA-2023-1304)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

Fedora 37 : open62541 (2023-4827db70a8)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4827db70a8 advisory. The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the...

DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts

DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory (AD) domain. Neither contributor incur any...

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series - January 2023

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, compromised data integrity and...

AlmaLinux 9 : libxml2 (ALSA-2023:0338)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0338 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

Oracle Linux 9 : libxml2 (ELSA-2023-0338)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0338 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

RHEL 9 : libxml2 (RHSA-2023:0338)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0338 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option...

RHEL 8 : libxml2 (RHSA-2023:0173)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0173 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option...

Oracle Linux 8 : libxml2 (ELSA-2023-0173)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0173 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

AlmaLinux 8 : libxml2 (ALSA-2023:0173)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0173 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1160)

The remote host is missing an update for the Huawei...

Unbreakable Enterprise kernel security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1240)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1181)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1210)

The remote host is missing an update for the Huawei...

Unbreakable Enterprise kernel-container security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

EulerOS Virtualization 2.9.0 : yajl (EulerOS-SA-2023-1240)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

EulerOS Virtualization 2.10.1 : yajl (EulerOS-SA-2023-1160)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

EulerOS Virtualization 2.9.1 : yajl (EulerOS-SA-2023-1210)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

EulerOS Virtualization 2.10.0 : yajl (EulerOS-SA-2023-1181)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1106)

The remote host is missing an update for the Huawei...

Unbreakable Enterprise kernel security update

[4.14.35-2047.521.4] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 34883100] [4.14.35-2047.521.3] - Revert 'random: use expired timer rather than wq for mixing fast pool' (Saeed Mirzamohammadi) [Orabug: 34918228] [4.14.35-2047.521.2] - RDS/IB: Fix the...