Ryzen™ 3000 Series Desktop Processors Security Vulnerabilities

nessus

GLSA-202405-29 : Node.js: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-29 (Node.js: Multiple Vulnerabilities). The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. (CVE-2020-7774) A flaw was found in c-ares library, where a missing input validation check of...

9.8 CVSS

9.4 AI Score

EPSS

2024-05-08 12:00 AM
10
osv

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

7.8 CVSS

8.6 AI Score

EPSS

2024-05-07 07:22 PM
7
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8 CVSS

10 AI Score

EPSS

2024-05-07 07:21 PM
15
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.8 CVSS

9.9 AI Score

0.073 EPSS

2024-05-07 05:07 PM
10
github

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-07 04:49 PM
8
osv

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-07 04:49 PM
3
osv

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

7.8 CVSS

7.6 AI Score

EPSS

2024-05-07 03:22 PM
6
thn

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

8 AI Score

2024-05-07 01:25 PM
3
securelist

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

8.9 AI Score

0.972 EPSS

2024-05-07 10:00 AM
34
veracode

Sensitive Information Disclosure

topthink/framework is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of error messages, which can reveal the PHPSESSION cookie through debug error output source code when a crafted URI is used in a GET...

6.8 AI Score

0.0004 EPSS

2024-05-07 07:04 AM
10
nvd

CVE-2024-22472

A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave...

8.1 CVSS

8.4 AI Score

0.0004 EPSS

2024-05-07 06:15 AM
1
cve

CVE-2024-22472

A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave...

8.1 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-07 06:15 AM
33
cvelist

CVE-2024-22472 Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow

A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave...

8.1 CVSS

8.6 AI Score

0.0004 EPSS

2024-05-07 05:17 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1497-1)

The remote host is missing an update for...

7.5 AI Score

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1002-1)

The remote host is missing an update for...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1368-1)

The remote host is missing an update for...

8.3 CVSS

8 AI Score

0.025 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1169-1)

The remote host is missing an update for...

6.8 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1162-1)

The remote host is missing an update for...

7.8 CVSS

7 AI Score

0.001 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:0901-1)

The remote host is missing an update for...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2024-05-07 12:00 AM
4
ubuntu

Linux kernel (OEM) vulnerabilities

Releases: Ubuntu 22.04 LTS. Packages: linux-oem-6.5 - Linux kernel for OEM systems. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...

7.5 AI Score

EPSS

2024-05-07 12:00 AM
22
openvas

SUSE: Security Advisory (SUSE-SU-2024:1498-1)

The remote host is missing an update for...

3.7 CVSS

4.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:1539-1)

The remote host is missing an update for...

6.9 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:0898-1)

The remote host is missing an update for...

5.5 CVSS

8 AI Score

0.009 EPSS

2024-05-07 12:00 AM
2
nessus

SUSE SLES15 Security Update : flatpak (SUSE-SU-2024:1535-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1535-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9,...

8.4 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1167-1)

The remote host is missing an update for...

5.3 CVSS

5.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1079-1)

The remote host is missing an update for...

5.3 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1151-1)

The remote host is missing an update for...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
7
openvas

SUSE: Security Advisory (SUSE-SU-2024:1151-2)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1270-1)

The remote host is missing an update for...

8.8 CVSS

6.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
4
nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty. When processing a packed...

7.8 CVSS

7.5 AI Score

EPSS

2024-05-07 12:00 AM
7
openvas

SUSE: Security Advisory (SUSE-SU-2024:1122-1)

The remote host is missing an update for...

7.2 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
5
ubuntu

Linux kernel vulnerabilities

Releases: Ubuntu 20.04 LTS, Ubuntu 18.04 ESM. Packages: linux - Linux kernel; linux-aws - Linux kernel for Amazon Web Services (AWS) systems; linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.4 - Linux kernel...

7.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
9
ubuntu

Linux kernel vulnerabilities

Releases: Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: linux - Linux kernel; linux-azure - Linux kernel for Microsoft Azure Cloud systems; linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems; linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems; linux-azure-fde-5.15 -...

7.8 CVSS

7 AI Score

EPSS

2024-05-07 12:00 AM
16
openvas

SUSE: Security Advisory (SUSE-SU-2024:1350-1)

The remote host is missing an update for...

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1192-1)

The remote host is missing an update for...

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2024:1100-1)

The remote host is missing an update for...

6.2 CVSS

7.5 AI Score

0.001 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:1258-1)

The remote host is missing an update for...

6.7 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1129-1)

The remote host is missing an update for...

7.5 CVSS

8 AI Score

0.001 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:0864-1)

The remote host is missing an update for...

7.1 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
1
openvas

SUSE: Security Advisory (SUSE-SU-2024:1304-1)

The remote host is missing an update for...

5 CVSS

7.1 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
3
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : flatpak (SUSE-SU-2024:1536-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1536-1 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux....

8.4 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:1394-1)

The remote host is missing an update for...

8.2 CVSS

7.1 AI Score

EPSS

2024-05-07 12:00 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:1375-1)

The remote host is missing an update for...

7.1 AI Score

0.0005 EPSS

2024-05-07 12:00 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:0515-1)

The remote host is missing an update for...

7.8 CVSS

8 AI Score

0.002 EPSS

2024-05-07 12:00 AM
5
openvas

SUSE: Security Advisory (SUSE-SU-2024:1365-1)

The remote host is missing an update for...

6.6 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2024:1440-1)

The remote host is missing an update for...

7.5 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
4
kaspersky

KLA66617 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in ANGLE can be exploited to cause denial of service or execute...

8.4 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2024:0156-1)

The remote host is missing an update for...

7.8 CVSS

7.7 AI Score

0.003 EPSS

2024-05-07 12:00 AM
6
openvas

SUSE: Security Advisory (SUSE-SU-2024:1470-1)

The remote host is missing an update for...

8.8 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
7
nessus

GLSA-202405-20 : libjpeg-turbo: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-20 (libjpeg-turbo: Multiple Vulnerabilities). Libjpeg-turbo all versions have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary...

8.8 CVSS

8.4 AI Score

0.01 EPSS

2024-05-07 12:00 AM
6
Total number of security vulnerabilities: 84407