Ryzen™ 4000 Series Processors Security Vulnerabilities

RHEL 6 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: LibreLogo global-event script execution (CVE-2019-9851) A vulnerability in OpenOffice's PPT...

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

RHEL 6 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc ...

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: the c_rehash script allows command injection (CVE-2022-2068) The OpenSSL DSA signature...

RHEL 6 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

RHEL 6 : mysql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) (CVE-2016-3477) mysql:...

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause...

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann Executive Summary Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's...

microcode_ctl bug fix and enhancement update

An update is available for microcode_ctl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The microcode_ctl packages provide microcode updates for Intel...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...

Juniper Junos OS Vulnerability (JSA79109)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79109 advisory. A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU.....

Ubuntu: Security Advisory (USN-6766-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6765-1)

The remote host is missing an update for...

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron,...

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

linux-oem-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander.....

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component....

CVE-2024-22472

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

CVE-2024-22472

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

CVE-2024-22472 Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave...

Linux kernel (OEM) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-oem-6.5 - Linux kernel for OEM systems Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

SUSE: Security Advisory (SUSE-SU-2024:0917-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:0975-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2024:1139-1)

The remote host is missing an update for...

GLSA-202405-20 : libjpeg-turbo: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-20 (libjpeg-turbo: Multiple Vulnerabilities) Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary...

Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText

From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into...

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

CVE-2024-3576 NPort 5100A Series Store XSS Vulnerability

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and...

GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-15 (Mozilla Firefox: Multiple Vulnerabilities) When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability...