VGPU Software (guest Driver - Linux), NVIDIA Cloud Gaming (guest Driver - Linux) Security Vulnerabilities

cbl_mariner

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this...

9.8 CVSS

7.2 AI Score

0.106 EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

7 AI Score

EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

7 AI Score

EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3

CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is...

9.1 CVSS

6.9 AI Score

0.003 EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3

CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3. A patched version of the package is...

9.1 CVSS

7 AI Score

0.002 EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

7 AI Score

EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

7 AI Score

EPSS

2024-06-21 09:32 AM
cbl_mariner

CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

6.9 AI Score

EPSS

2024-06-21 09:32 AM
github

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-21 09:30 AM
2
osv

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...

5.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-21 09:30 AM
github

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

5.4 CVSS

7 AI Score

0.0004 EPSS

2024-06-21 09:30 AM
1
osv

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

5.4 CVSS

7 AI Score

0.0004 EPSS

2024-06-21 09:30 AM
veracode

Improper Input Validation

github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS)...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-21 09:14 AM
osv

CGA-p2qq-w8qw-6vjp

Bulletin has no...

7.2 AI Score

2024-06-21 09:04 AM
veracode

Path Traversal

github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file...

7.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-21 09:02 AM
thn

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory traversal bug that could allow attackers to read sensitive...

8.6 CVSS

6.8 AI Score

0.343 EPSS

2024-06-21 08:54 AM
7
malwarebytes

US bans Kaspersky, warns: “Immediately stop using that software”

The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the...

7.1 AI Score

2024-06-21 08:19 AM
2
veracode

SQL Injection

Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation of user input, which allows an attacker to execute arbitrary SQL...

8.8 CVSS

8.2 AI Score

0.0004 EPSS

2024-06-21 08:15 AM
osv

CGA-hv8x-jmgj-fp3m

Bulletin has no...

7.2 AI Score

EPSS

2024-06-21 08:04 AM
1
osv

CGA-hm7p-55gr-6rwf

Bulletin has no...

7.5 CVSS

7.2 AI Score

0.002 EPSS

2024-06-21 08:04 AM
osv

CGA-xw46-g57p-x8jh

Bulletin has no...

8.8 CVSS

7.2 AI Score

0.002 EPSS

2024-06-21 08:04 AM
osv

CGA-6qmv-w6v4-7g8w

Bulletin has no...

6.1 CVSS

6.7 AI Score

0.003 EPSS

2024-06-21 08:04 AM
osv

CGA-ggfp-f887-7www

Bulletin has no...

6.5 CVSS

6.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-4qv7-4gh9-g2pj

Bulletin has no...

7.5 CVSS

6.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-2974-f63r-wqfr

Bulletin has no...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-xg53-gr2g-vffm

Bulletin has no...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-fh4x-g9g6-mcx4

Bulletin has no...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-93gv-hv4c-83gx

Bulletin has no...

7.4 CVSS

6.7 AI Score

0.003 EPSS

2024-06-21 08:04 AM
osv

CGA-5xfh-j46h-x23q

Bulletin has no...

7.5 CVSS

6.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
osv

CGA-qfjm-7vpv-9jgw

Bulletin has no...

7.5 CVSS

6.6 AI Score

0.02 EPSS

2024-06-21 08:04 AM
osv

CGA-p6hq-rr8r-gjcp

Bulletin has no...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2024-06-21 08:04 AM
veracode

Information Disclosure

typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection...

7.2 AI Score

2024-06-21 08:01 AM
1
veracode

User Enumeration

silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response...

7.2 AI Score

2024-06-21 07:36 AM
1
malwarebytes

Was T-Mobile compromised by a zero-day in Jira?

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...

10 CVSS

8.2 AI Score

0.001 EPSS

2024-06-21 07:34 AM
5
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....

7.5 CVSS

7.7 AI Score

0.001 EPSS

2024-06-21 07:32 AM
3
osv

BIT-kibana-2024-23443

A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9 CVSS

5.1 AI Score

0.0004 EPSS

2024-06-21 07:23 AM
osv

BIT-elk-2024-23443

A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery...

4.9 CVSS

5.1 AI Score

0.0004 EPSS

2024-06-21 07:17 AM
veracode

SQL Injection

silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection...

8.4 AI Score

2024-06-21 07:15 AM
4
veracode

Incorrect Authorization

github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the account's password. Note that this...

5.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-21 07:02 AM
veracode

Remote Code Execution (RCE)

js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code...

7.7 AI Score

0.0004 EPSS

2024-06-21 07:01 AM
2
veracode

Denial Of Service (DoS)

io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service...

7.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-06-21 06:40 AM
1
github

ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

6.8 AI Score

0.0004 EPSS

2024-06-21 06:31 AM
osv

ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

6.5 AI Score

0.0004 EPSS

2024-06-21 06:31 AM
osv

CVE-2021-47621

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE)...

6.5 AI Score

0.0004 EPSS

2024-06-21 06:15 AM
veracode

CSV Injection

silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's...

8.4 AI Score

2024-06-21 06:08 AM
veracode

Improper Input Validation

Apache Superset is vulnerable to Improper Input Validation. The vulnerability is due to a lack of validation of user-supplied input. If an authenticated attacker creates a MariaDB connection with the local_infile option enabled, they can execute a specific MySQL/MariaDB SQL command which results...

6.8 CVSS

7.4 AI Score

0.0004 EPSS

2024-06-21 05:44 AM
veracode

Improper Preservation Of Permissions

github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NO_PERMISSION response when the user should have...

3.7 CVSS

7 AI Score

0.0004 EPSS

2024-06-21 05:36 AM
ibm

Security Bulletin: Cryptography cipher update

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as...

6.5 CVSS

7.3 AI Score

0.001 EPSS

2024-06-21 04:27 AM
1
thn

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's...

6.9 AI Score

2024-06-21 04:25 AM
16
ibm

Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i [CVE-2024-31890].

Summary IBM i is vulnerable to a local user with command line access gaining elevated privilege due to a flaw in IBM TCP/IP Connectivity Utilities for i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

7.8 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-21 04:24 AM
3
Total number of security vulnerabilities: 893655