VGPU Software (guest Driver - Linux), VGPU Software (Virtual GPU Manager - Citrix Hypervisor, VMware VSphere, Red Hat Enterprise Linux KVM), NVIDIA Cloud Gaming (guest Driver - Linux), NVIDIA Cloud Gaming (Virtual GPU Manager - Red Hat Enterprise Linux KVM) Security Vulnerabilities

CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1

CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-21896 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-21896 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2023-39325 affecting package cri-o for versions less than 1.30.1-1

CVE-2023-39325 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1

CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...

CVE-2023-44487 affecting package cri-o for versions less than 1.30.1-1

CVE-2023-44487 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2023-52425 affecting package expat for versions less than 2.6.2-1

CVE-2023-52425 affecting package expat for versions less than 2.6.2-1. An upgraded version of the package is available that resolves this...

CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1

CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...

CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6

CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6. A patched version of the package is...

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2

CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this...

CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3

CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is...

CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3

CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3. A patched version of the package is...

CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1

CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability

An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...

Improper Input Validation

github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS)...

CGA-p2qq-w8qw-6vjp

Bulletin has no...

Path Traversal

github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file...

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive...

US bans Kaspersky, warns: “Immediately stop using that software”

The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the.....

SQL Injection

Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation user input which allows an attacker to execute arbitrary SQL...

CGA-hv8x-jmgj-fp3m

Bulletin has no...

CGA-hm7p-55gr-6rwf

Bulletin has no...

CGA-xw46-g57p-x8jh

Bulletin has no...

CGA-6qmv-w6v4-7g8w

Bulletin has no...

CGA-ggfp-f887-7www

Bulletin has no...

CGA-4qv7-4gh9-g2pj

Bulletin has no...

CGA-2974-f63r-wqfr

Bulletin has no...

CGA-xg53-gr2g-vffm

Bulletin has no...

CGA-fh4x-g9g6-mcx4

Bulletin has no...

CGA-93gv-hv4c-83gx

Bulletin has no...

CGA-5xfh-j46h-x23q

Bulletin has no...

CGA-qfjm-7vpv-9jgw

Bulletin has no...

CGA-p6hq-rr8r-gjcp

Bulletin has no...

Information Disclosure

typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection...

User Enumeration

silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response...

Was T-Mobile compromised by a zero-day in Jira?

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...

Security Bulletin: Multiple vulnerabilities in IBM Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....

BIT-kibana-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

BIT-elk-2024-23443

A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...

SQL Injection

silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection...

Incorrect Authorization

github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the accounts password. Note that this...

Remote Code Execution (RCE)

js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code...

Denial Of Service (DoS)

io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service...