Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 1 (5.4.4-119)
This update provides important stability fixes for the core storage, object storage, and compute services. Vulnerability id: VSTOR-74982 Fixed the customization of S3 URLs with CNAME records. Vulnerability id: VSTOR-75137, VSTOR-75225 Fixed storage and metadata service issues related to incorrect...
aicscytoparam (>=0.1.1 <=0.1.2), aicsimageio (>=3.3.6 <=3.3.7) +45 more potentially affected by CVE-2023-4863 +1 more via imagecodecs (>=2019.12.31 <=2023.7.10)
imagecodecs PYPI version =2019.12.31, =0.1.1, =3.3.6, =1.10.0, =0.1.13, =1.2.9, =1.1.0, =1.1.15, =1.2.0, =2.0.0, =0.1.1, =0.4.0, =0.1.1, =2021.11.20, =2022.9.26 and more Source cves: CVE-2023-4863, CVE-2023-5129 Source advisory: OSV:PYSEC-2023-174...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 (5.4.4-112)
This update delivers a new feature for the compute service, performance optimization for the object storage, as well as stability, security, and performance improvements. Vulnerability id: VSTOR-74916 VMs with Windows Server 2019, Windows Server 2022, and Windows 10 fail to boot after installatio...
PT-2023-18384 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns an example implementation related to the Open Compute Project's short-form report generator for Vendor Security Reviews. The short-form report is a JSON object...
libxml2: Hashing of empty dict strings isn't deterministic
A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...
Intel NUC Security Vulnerability
Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in Intel NUC. An attacker could exploit this vulnerability to obtain sensitive information. The following products are affected: Intel® NUC 13 Extreme Compute Element, Intel® NUC 13 Extreme Kit, Intel® N...
(0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability. The specific flaw exists within the handling of certificates...
Cryptojacking: Understanding and defending against cloud compute resource abuse
In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted...
CVE-2020-36695
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...
Design/Logic Flaw
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...
CVE-2020-36695 File and Directory Permission Vulnerability in Hitachi Command Suite
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...
CVE-2020-36695
CVE-2020-36695 is a File/Directory Permissions vulnerability in Hitachi Command Suite components on Linux caused by incorrect default permissions in the Device Manager Server component, Hitachi Tuning Manager server, and related agents, enabling file manipulation. Affected versions: Hitachi Devic...
Hitachi Replication Manager Security Vulnerability
Hitachi Replication Manager is a complete backup and disaster recovery application from Hitachi, Ltd. of Japan. A security vulnerability exists in some Hitachi products that stems from incorrect default privilege settings. The following products and versions are affected: Hitachi Device...
GHSA-J54R-W587-95Q7 Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute...
CVE-2023-37948
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...
Code injection
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks...