VGPU Software (guest Driver) - Linux, NVIDIA Cloud Gaming (guest Driver) Security Vulnerabilities

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-5009

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's...

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

CVE-2024-4885

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...

CVE-2024-4884

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole...

CVE-2024-4883

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through...

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service...

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

CVE-2024-6206

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

CVE-2024-39301

In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit-value in...

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

CVE-2024-39296

In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding: remove redundant NULL check in debugfs function"). Here are the relevant functions being called: bonding_exit()...

CVE-2024-39293

In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instances redirect to the same...

Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...

salt vulnerabilities

It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651,...

CVE-2024-37167 Tuleap has improper permissions of the backlog items

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

CVE-2024-37167 Tuleap has improper permissions of the backlog items

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

CVE-2024-36819

MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...

CVE-2024-39371

In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to...

google-guest-agent, google-osconfig-agent vulnerability

USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An...

Malicious code in internal-udfc-pkg (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650) The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious. It is considered malicious because: The package...

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......

roundcube vulnerabilities

Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-5631) Rene....

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks

In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in...

Security Bulletin: This Power System update is being released to address CVE-2024-31916

Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details ** CVEID: CVE-2024-31916 DESCRIPTION: **IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor.....

Security Bulletin: This Power System update is being released to address CVE-2023-48795

Summary This affects the BMC's secure shell (SSH) interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection...

Aimeos HTML client may potentially reveal sensitive information in error log

Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...

Aimeos HTML client may potentially reveal sensitive information in error log

Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...

Security Bulletin: This Power System update is being released to address CVE-2023-45857

Summary This affects the BMC's ASMi web application. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value.....

Security Bulletin: This Power System update is being released to address CVE-2023-37453

Summary This affects the BMC's physical USB ports. Vulnerability Details ** CVEID: CVE-2023-37453 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a...

Adobe Commerce & Magento - CosmicSting

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code...

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

CGA-wxjg-ffgp-5j7p

Bulletin has no...

CGA-p9mr-h84j-x2p6

Bulletin has no...

CGA-jj93-25vx-2v32

Bulletin has no...

CGA-4cp8-v8x9-xf65

Bulletin has no...

CGA-mjfg-m349-5324

Bulletin has no...

libheif vulnerabilities

It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-11471) Reza Mirzazade Farkhani discovered that libheif incorrectly handled...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to cross-site scripting due to WebSphere Application Server Liberty

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...