
3665 matches found

vulnersOsv
added 2024/07/24 9:30 a.m., 4 views

org.apache.pinot:pinot-compatibility-verifier (=0.10.0), org.apache.pinot:pinot-distribution (>=0.1.0 <=0.10.0) +7 more potentially affected by CVE-2024-39676 via org.apache.pinot:pinot-controller (>=0.10.0 <=0.9.3)

org.apache.pinot:pinot-controller MAVEN version =0.10.0, =0.1.0, =0.11.0, =0.9.0, =0.1.0, =0.8.0, =0.8.0, =0.1.0, =0.1.0, =0.10.0 Source cves: CVE-2024-39676 Source advisory: OSV:GHSA-8GJ9-R4HV-3JJW...

7.5 CVSS, 5.8 AI score, 0.00846 EPSS
Exploits: 0

OSV
added 2024/07/22 3:19 a.m., 20 views

SUSE-SU-2024:2568-1 Security update for mockito, snakeyaml, testng

This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 is making core changes to ensure compatibility with future JDK versions. - Switch the Default MockMaker to mockito-inline...

7.8 CVSS, 7.4 AI score, 0.00876 EPSS
Exploits: 1, References: 3

OSV
added 2024/07/17 8:26 a.m., 4 views

CLSA-2024-1721204645 shim-signed: Fix of 4 CVEs

Make this package installable on a system having either a Centos or Cloudlinux signed kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: CVE-2023-40548 Resolves: CVE-2023-40549 Resolves: CVE-2023-40550 Resolves: CVE-2023-40551...

8.3 CVSS, 7 AI score, 0.04892 EPSS
Exploits: 0, References: 1

Citrix
added 2024/07/14 12:0 a.m., 18 views

Citrix Virtual Apps and Desktop - Configuration, Policies and Security.

Introduction This article is a summary of the top support articles related to Citrix Virtual Apps and Desktop product configuration, compatibility and security. It also provides information related to Citrix Policies: Common issues, configuration and troubleshooting. Top Knowledge Content Securit...

8.5 CVSS, 7.5 AI score, 0.99739 EPSS
Exploits: 20

Citrix
added 2024/07/13 12:0 a.m., 7 views

Support for XenApp in Virtualized Environments

This article provides information on support for XenApp in virtualized environments. Virtual servers provide mainframe-class virtual machines on Intel and AMD architecture servers, and are ideally suited for consolidating and partitioning systems in high-performance environments. Citrix supports...

7.1 AI score
Exploits: 0

Citrix
added 2024/07/13 12:0 a.m., 10 views

VMware vSphere 5.5 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware products. Citrix supports VMware vSphere 5.5, vSphere 5.5 Update 1, vSphere 5.5 Update 2, and vSphere 5.5 Update 3. This article outlines issues and their known solutions that users of vSphere 5.5, vSphere 5.5 Update 1, vSphere...

7.1 AI score
Exploits: 0

Citrix
added 2024/07/13 12:0 a.m., 8 views

How to Make the Provisioning Services Server Client Coexist with Third-party Network Drivers

This article describes how to run the Provisioning Server client on a target device along with third-party network applications that also occupy the network device driver stack. Background: In the Windows Driver Model (WDM), systems manage a device through a linked stack of layered device drivers. T...

6.9 AI score
Exploits: 0

Citrix
added 2024/07/13 12:0 a.m., 11 views

VMware vSphere 6 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware hypervisor releases. VMware released vSphere 6 in March 2015, vSphere 6 Update 1 in September 2015, vSphere 6 Update 2 in March 2016 and vSphere 6 Update 3 in March 2017. Basic compatibility testing has been performed between...

7.2 AI score
Exploits: 0

NVD
added 2024/07/12 1:15 p.m., 19 views

CVE-2024-40943

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed:...

4.7 CVSS, 0.00185 EPSS
Exploits: 0, References: 9

CVE
added 2024/07/12 12:25 p.m., 119 views

CVE-2024-40943

CVE-2024-40943 arises from a race in OCFS2 where hole punching and AIO/DIO co-exist, allowing an unwritten extent to be removed during I/O. The Linux kernel fix adds synchronization to wait for outstanding direct I/O before fallocate/punch_hole, preventing inconsistent extent state and potential ...

4.7 CVSS, 6.6 AI score, 0.00185 EPSS
Exploits: 0, References: 9, Affected Software: 1

Wallarm Lab
added 2024/07/10 5:50 a.m., 14 views

Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk

Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like JavaScript functions, HTML5 elements, and various APIs work across different browsers. Originally...

6.5 AI score
Exploits: 0

CNNVD
added 2024/07/09 12:0 a.m., 5 views

Microsoft SQL Server Security Vulnerability

Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products and editions are...

8.8 CVSS, 7.3 AI score, 0.01554 EPSS
Exploits: 0, References: 3

Citrix
added 2024/07/08 12:0 a.m., 7 views

Installing Teams 2.x in an App Layering

Teams will not work properly in an image if it was installed in an App Layer using any version for App Layering prior to 2403.2...

7.1 AI score
Exploits: 0

Fedora
added 2024/07/07 3:21 a.m., 38 views

[SECURITY] Fedora 40 Update: yt-dlp-2024.07.02-1.fc40

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

7.8 CVSS, 6.9 AI score, 0.00322 EPSS
Exploits: 0

Citrix
added 2024/07/02 12:0 a.m., 8 views

Static IP loss when updating to VM Tools for Windows 9.3.3 or earlier

Sometimes, when the drivers for XenServer VM Tools for Windows are updated through Windows Update, the static IP settings are lost and the network settings change to use DHCP. Important: This issue persists when updating from versions earlier than 9.3.3. This issue is fixed for updates from 9.3.3...

6.9 AI score
Exploits: 0

Github Security Blog
added 2024/07/01 8:35 p.m., 27 views

Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...

7.5 CVSS, 7.2 AI score, 0.01096 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/07/01 8:35 p.m., 20 views

GHSA-3669-72X9-R9P3 Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...

7.5 CVSS, 7.3 AI score, 0.01096 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2024/07/01 12:0 a.m., 491 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1 CVSS, 7 AI score, 0.99506 EPSS
Exploits: 68, References: 4

Tenable Nessus
added 2024/06/28 12:0 a.m., 69 views

Polyfill Detected

The polyfill.js file is a popular open-source library to ensure old browsers compatibility when evaluating JavaScript code. Starting February 2024, the domain polyfill.io and the related GitHub account have been purchased by a malicious threat actor to inject malwares in all web applications...

7.2 CVSS, 7.5 AI score, 0.03832 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2024/06/25 1:52 p.m., 29 views

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

4.4 CVSS, 7.4 AI score, 0.00211 EPSS
Exploits: 0, References: 4