G9 Lite, Honor 5a, Honor 6x, Honor 8 Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related...

Cisco NX-OS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific...

CVE-2021-3571 affecting package linuxptp 2.0-8

CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...

CVE-2019-20633 affecting package patch 2.7.6-8

CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...

CVE-2023-22609 affecting package binutils 2.37-8

CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22604 affecting package binutils 2.37-8

CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22607 affecting package binutils 2.37-8

CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22606 affecting package binutils 2.37-8

CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2022-41725 affecting package gcc 11.2.0-8

CVE-2022-41725 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...

CVE-2022-2990 affecting package buildah 1.18.0-8

CVE-2022-2990 affecting package buildah 1.18.0-8. This CVE either no longer is or was never...

CVE-2022-41724 affecting package gcc 11.2.0-8

CVE-2022-41724 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...

CVE-2023-22605 affecting package binutils 2.37-8

CVE-2023-22605 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22603 affecting package binutils 2.37-8

CVE-2023-22603 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2020-25657 affecting package m2crypto 0.35.2-8

CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available...

CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8

CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8. No patch is available...

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is...

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...

BIT-bpftool-2021-45941

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and...

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It...

Exploit for CVE-2024-37765

Description MachForm up to version 19 is affected by an...

Security Bulletin: User configuration failures in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-50312)

Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...

Security Bulletin: IBM Tivoli Netcool Impact could provide weaker tha expected security due to IBM WebSphere Application Server Liberty (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

WordPress WPCode Lite 2.1.14 Cross Site Scripting

...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)

The remote host is missing an update for the Huawei...

OpenSSH -- Race condition resulting in potential remote code execution

The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...

CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1868)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3840-1)

The remote host is missing an update for the...

Important Photon OS Security Update - PHSA-2024-4.0-0642

Updates of ['openssh'] packages of Photon OS have been...

FreeBSD-SA-24:04.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

OpenSSH Server regreSSHion Remote Code Execution

...

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....

CVE-2023-2976 affecting package guava for versions less than 25.0-8

CVE-2023-2976 affecting package guava for versions less than 25.0-8. A patched version of the package is...

APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server

APM Server vulnerable to Insertion of Sensitive Information into Log File in...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...

CVE-2024-5925

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5925

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5922

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5922

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...