VGPU Software (Virtual GPU Manager - Citrix Hypervisor, VMware VSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) Security Vulnerabilities

CVE-2024-33621 ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at....

CVE-2024-33619 efi: libstub: only free priv.runtime_map when allocated

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

CVE-2024-31076 genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline

In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the...

CVE-2023-52884 Input: cyapa - add missing input core locking to suspend/resume functions

In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system suspend/resume...

Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input validation of HTML content, which allows authenticated users with page edit permission to perform...

Insecure Deserialization

typo3/cms is vulnerable to Insecure Deserialization. The vulnerability is due to the execution of source code from Phar files when they are invoked. Due to missing sanitization of user input, attackers can upload obfuscated Phar files ("bundle.txt") and manipulate URLs in TYPO3 backend forms to...

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious...

Account Takeover

silverstripe/framework is vulnerable to Account Takeover. The vulnerability is due to plain text storage of user login attempts, which may include sensitive data like passwords mistyped into the username field. The vulnerability allows an attacker could gain unauthorized access to user credentials....

Authentication Bypass

typo3/cms is vulnerable to Authentication Bypass. The vulnerability is due to late TCA initialization, which fails to restrict frontend users according to the validation rules, allowing attackers to authenticate restricted (e.g., disabled) frontend...

CVE-2024-33873 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-33873 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32615 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32615 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1

CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-28182 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-32621 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32621 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1

CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this...

CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1

CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-28863 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2023-45288 affecting package cri-o for versions less than 1.30.1-1

CVE-2023-45288 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29160 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-29161 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29161 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-31852 affecting package llvm for versions less than 18.1.2-3

CVE-2024-31852 affecting package llvm for versions less than 18.1.2-3. A patched version of the package is...

CVE-2019-11835 affecting package libglvnd for versions less than 1.7.0-2

CVE-2019-11835 affecting package libglvnd for versions less than 1.7.0-2. A patched version of the package is...

CVE-2024-32619 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32619 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32611 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32611 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32620 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32620 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-29164 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29164 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-0553 affecting package gnutls for versions less than 3.8.3-1

CVE-2024-0553 affecting package gnutls for versions less than 3.8.3-1. An upgraded version of the package is available that resolves this...

CVE-2013-6381 affecting package kernel for versions less than 6.6.29.1-4

CVE-2013-6381 affecting package kernel for versions less than 6.6.29.1-4. An upgraded version of the package is available that resolves this...

CVE-2014-0069 affecting package kernel for versions less than 6.6.29.1-4

CVE-2014-0069 affecting package kernel for versions less than 6.6.29.1-4. A patched version of the package is...

CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1

CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1. An upgraded version of the package is available that resolves this...

CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.7.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1

CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-22017 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-22017 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-26908 affecting package kernel for versions less than 6.6.29.1-4

CVE-2024-26908 affecting package kernel for versions less than 6.6.29.1-4. An upgraded version of the package is available that resolves this...

CVE-2024-0607 affecting package kernel for versions less than 6.6.29.1-4

CVE-2024-0607 affecting package kernel for versions less than 6.6.29.1-4. A patched version of the package is...

CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1

CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2024-3727 affecting package ig for versions less than 0.29.0-1

CVE-2024-3727 affecting package ig for versions less than 0.29.0-1. An upgraded version of the package is available that resolves this...

CVE-2021-21334 affecting package cri-o for versions less than 1.30.1-1

CVE-2021-21334 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2021-38190 affecting package librsvg2 for versions less than 2.58.1-1

CVE-2021-38190 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-33874 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-33874 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32622 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32622 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32607 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32607 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-29158 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29158 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32610 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32610 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-29166 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29166 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32609 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32609 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32614 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32614 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-28757 affecting package expat for versions less than 2.6.2-1

CVE-2024-28757 affecting package expat for versions less than 2.6.2-1. An upgraded version of the package is available that resolves this...