CVE-2024-44950 serial: sc16is7xx: fix invalid FIFO access with special register set
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set. When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO...
OPENSUSE-SU-2024:0274-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti 1.2.27: CVE-2024-34340: Authentication bypass when using older password hashes (boo1224240); CVE-2024-25641: RCE vulnerability when importing packages (boo1224229); CVE-2024-31459: RCE vulnerability when plugins include files...
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface allows an attacker to execute arbitrary SQL commands.
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
PT-2024-9154 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10; Nextcloud Server versions prior to 29.0.7; Nextcloud Enterprise Server versions prior to 27.1.11.8; Nextcloud Enterprise Server versions prior to 28.0.10; Nextcloud Enterprise Server versions prior to...
CVE-2024-33854
A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23...
PT-2024-5844 · Centreon · Centreon Web
Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.0 through 22.10.22; Centreon Web versions 23.04.0 through 23.04.18; Centreon Web versions 23.10.0 through 23.10.12; Centreon Web versions 24.04.0 through 24.04.2. Description: A SQL Injection vulnerability exists in th...
Centreon Web security vulnerability
Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon Web that stems from a SQL injection vulnerability in t...
CVE-2024-33854
Centreon Web contains a SQL Injection in the Graph Template component. Affected versions are 22.10.0–22.10.22, 23.04.0–23.04.18, 23.10.0–23.10.12, and 24.04.0–24.04.2; fixed in 22.10.23, 23.04.19, 23.10.13, and 24.04.3 respectively. Root cause is lack of protection of the SQL query structure. Rem...
Moderate: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2024:5291 Moderate: grafana security update
Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788); golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789); golang: net/netip:...
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file...
New Go-based Backdoor GoGra Targets South Asian Media Organization
An unnamed media organization in South Asia was targeted in November 2023 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part ...
The vulnerability of the `media_pipeline_explore_next_link()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the `media_pipeline_explore_next_link()` function in the drivers/media/mc/mc-entity.c kernel module of the Linux operating system is related to insufficient checking of conditions during graph traversal. Exploiting this vulnerability could allow an attacker to cause a service failure...
A vulnerability in the GraphQL Subscription Handler component of GitLab, the Git-based platform for collaborative code development, allows a malicious individual to gain unauthorized access to confidential information.
The vulnerability of the GraphQL Subscription Handler component of GitLab, the Git-based platform for collaborative code development, is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...
EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-2028)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...
Your control tower to secure code across GitHub, GitLab, and Azure Repos
Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning...
[SECURITY] Fedora 40 Update: onnx-1.14.1-3.fc40
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...
New APT Group "CloudSorcerer" Targets Russian Government Entities
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said...
SUSE CVE-2024-39481
In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start. The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed...