Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics “Renoir” AM4 Security Vulnerabilities

EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1748)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...

RHEL 8 : gdisk (RHSA-2024:3486)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3486 advisory. The gdisk packages provide the gdisk partitioning utility for GUID Partition Table (GPT) disks. The utility features a command-line...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-1741)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including...

SUSE SLES15 / openSUSE 15 Security Update : warewulf4 (SUSE-SU-2024:1838-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1838-1 advisory. - fixed wwctl configure --all doesn't configure ssh (bsc#1225402) - update to 4.5.2 with following changes: * Reorder dnsmasq config to...

SUSE: Security Advisory (SUSE-SU-2024:1834-1)

The remote host is missing an update for...

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:1836-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1836-1 advisory. - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream,...

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

FreeBSD : chromium -- security fix (6926d038-1db4-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6926d038-1db4-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...

CVE-2024-36892

In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object freeing separately") splits single and bulk object freeing in two functions slab_free() and...

CVE-2024-36930

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to....

CVE-2024-36907

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result,...

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78). ## Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the...

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1780)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1744)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1736)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1758)

The remote host is missing an update for the Huawei...

CVE-2024-36925

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when...

CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1742)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)

The remote host is missing an update for the Huawei...

A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more

Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think,...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1724)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1712)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1713)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1717)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1723)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1721)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1734)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:1832-1)

The remote host is missing an update for...

Qlik Sense Enterprise Privilage Escalation (CVE-2024-36077)

The version of Qlik Sense Enterprise installed on the remote Windows host is prior to May 2022 prior to Patch 18, August 2022 prior to Patch 17, November 2022 prior to Patch 14, February 2023 prior to Patch 14, May 2023 prior to Patch 16, August 2023 prior to Patch 14, November 2023 prior to patch....

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1736)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect domain; is configured,...

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-1738)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service...

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2024-1740)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of...

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1757)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2024-1780)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC'...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1767)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-1744)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...

SUSE SLES12 Security Update : xdg-desktop-portal (SUSE-SU-2024:1832-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1832-1 advisory. - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110). Tenable has extracted the preceding description block...

RHEL 8 : ruby:3.0 (RHSA-2024:3500)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3500 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1728)

The remote host is missing an update for the Huawei...

SUSE: Security Advisory (SUSE-SU-2024:1806-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1831-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1726)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1718)

The remote host is missing an update for the Huawei...

Oracle Linux 8 : gdk-pixbuf2 (ELSA-2024-3341)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3341 advisory. [2.36.12-6] - Backport fixes for CVE-2022-48622 - Apply patches with git to enable binary patching - Resolves: RHEL-30478 Tenable has extracted the preceding...

EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-1767)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...

EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1773)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...