
6340 matches found

OSV
added 2024/02/15 1:41 p.m. · 5 views

SUSE-SU-2024:0507-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

CVSS 7.7 · AI score 6 · EPSS 0.0083
Exploits 0 · References 9

Cvelist
added 2024/02/15 2:29 a.m. · 23 views

CVE-2024-26261 Hgiga OAKlouds - Arbitrary File Read And Delete

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...

CVSS 9.8 · AI score 9.6 · EPSS 0.00679
Exploits 0 · References 2

Tenable Nessus
added 2024/02/13 12:0 a.m. · 39 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-6632-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6632-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to...

CVSS 5.5 · AI score 6.6 · EPSS 0.04459
Exploits 0 · References 3

NVD
added 2024/02/11 9:15 a.m. · 14 views

CVE-2024-21875

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v billboard modules allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3...

CVSS 6.5 · AI score 5.6 · EPSS 0.00463
Exploits 1 · References 2

Prion
added 2024/02/11 9:15 a.m. · 14 views

Code injection

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v billboard modules allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3...

CVSS 2.9 · AI score 7.1 · EPSS 0.00463
Exploits 1 · References 2

CVE
added 2024/02/11 8:37 a.m. · 71 views

CVE-2024-21875

CVE-2024-21875 describes an Allocation of Resources Without Limits or Throttling vulnerability in the Hacker Hotel Badge 2024, specifically affecting RISCV billboard modules. The issue allows a denial-of-service condition through resource flooding, impacting badge firmware versions 0.1.0–0.1.3. T...

CVSS 6.5 · AI score 5.5 · EPSS 0.00463
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/02/11 12:0 a.m. · 3 views

PT-2024-19106 · Unknown · Hacker Hotel Badge 2024

Name of the Vulnerable Software and Affected Versions: Hacker Hotel Badge 2024 versions 0.1.0 through 0.1.3 Description: The issue is related to an Allocation of Resources Without Limits or Throttling vulnerability in the Badge, leading to a denial of service attack. This vulnerability allows...

CVSS 6.5 · AI score 7.1 · EPSS 0.00463
Exploits 1 · References 11

vulnersOsv
added 2024/02/07 12:0 a.m. · 6 views

br.com.thiaguten:umbrella-configuration (>=0.1.0 <=1.0.0), br.com.thiaguten:umbrella-core (>=0.1.0 <=1.0.0) +1272 more potentially affected by CVE-2023-1932 via org.hibernate:hibernate-validator (>=6.0.0.Beta2 <=6.1.7.Final)

org.hibernate:hibernate-validator MAVEN version =6.0.0.Beta2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.3.2-beta.6, =2.3.2-beta.5, =1.0.0, =1.1.16 - cn.openjava:openjava-spring-boot-starter =1.0.1 - cn.springcloud.gray:spring-cloud-gray-server =D.0.1.0-Beta-3 -...

CVSS 6.1 · AI score 6.7 · EPSS 0.00452
Exploits 0

vulnersOsv
added 2024/02/06 12:30 a.m. · 5 views

com.almis.awe:awe-annotation (>=4.7.1 <=4.7.7), com.almis.awe:awe-annotations-spring-boot-starter (>=4.7.1 <=4.7.7) +28 more potentially affected by CVE-2023-34042 via org.springframework.security:spring-security-config (>=6.0.4 <=6.0.6)

org.springframework.security:spring-security-config MAVEN version =6.0.4, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.7 - com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter =4.0.0-M1 and more Source cves:...

CVSS 5.5 · AI score 6 · EPSS 0.00216
Exploits 0

vulnersOsv
added 2024/02/02 4:55 p.m. · 4 views

com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.0), com.linecorp.centraldogma:centraldogma-server-auth-shiro (>=0.33.0 <=0.64.0) +7 more potentially affected by CVE-2024-1143 via com.linecorp.centraldogma:centraldogma-server (>=0.17.0 <=0.64.0)

com.linecorp.centraldogma:centraldogma-server MAVEN version =0.17.0, =0.33.0, =0.33.0, =0.61.0, =0.62.0, =0.17.0, =0.44.0, =0.44.0, =0.44.0, =0.64.0 - com.linecorp.centraldogma:centraldogma-xds =0.64.0 Source cves: CVE-2024-1143 Source advisory: OSV:GHSA-34Q3-P352-C7Q8...

CVSS 9.3 · AI score 6.9 · EPSS 0.00491
Exploits 0

OSV
added 2024/02/02 12:15 p.m. · 4 views

CVE-2024-0844

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...

CVSS 7.2 · AI score 7.8
Exploits 0 · References 2

OSV
added 2024/02/02 11:6 a.m. · 2 views

OESA-2024-1129 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a...

CVSS 5.5 · AI score 6.6 · EPSS 0.00455
Exploits 1 · References 2

SUSE CVE
added 2024/02/01 12:42 a.m. · 1 views

SUSE CVE-2021-33631

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux filesystem modules allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0...

CVSS 5.5 · AI score 7 · EPSS 0.00374
Exploits 0 · References 14

OSV
added 2024/01/30 8:15 a.m. · 6 views

CVE-2024-21803

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

CVSS 7.8 · AI score 6.9
Exploits 0 · References 1

Cvelist
added 2024/01/30 7:15 a.m. · 36 views

CVE-2024-21803 Possible UAF in bt_accept_poll in Linux kernel

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

CVSS 3.5 · AI score 7.8 · EPSS 0.00495
Exploits 0 · References 1

Vulnrichment
added 2024/01/30 7:15 a.m. · 8 views

CVE-2024-21803 Possible UAF in bt_accept_poll in Linux kernel

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

CVSS 3.5 · AI score 7.3 · EPSS 0.00495
Exploits 0 · References 1

Debian CVE
added 2024/01/30 7:15 a.m. · 29 views

CVE-2024-21803

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

CVSS 7.8 · AI score 7.1 · EPSS 0.00495
Exploits 0

vulnersOsv
added 2024/01/29 3:30 p.m. · 3 views

org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=2.0.0 <=4.0.0-alpha) +22 more potentially affected by CVE-2023-29055 via org.apache.kylin:kylin-core-common (>=2.0.0 <=4.0.0-alpha)

org.apache.kylin:kylin-core-common MAVEN version =2.0.0, =2.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.3.2, =2.0.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2023-29055 Source advisory:...

CVSS 7.5 · AI score 7.1 · EPSS 0.01149
Exploits 0

Veracode
added 2024/01/29 5:38 a.m. · 16 views

Arbitrary Code Execution

Processwire is vulnerable to Arbitrary Code Execution. The vulnerability is due to the downloadzipurl parameter when installing new modules, which allows an attacker to execute arbitrary code and install a reverse shell...

CVSS 7.2 · AI score 7.8 · EPSS 0.01312
Exploits 1 · References 2 · Affected Software 1

NVD
added 2024/01/26 9:15 a.m. · 30 views

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

CVSS 5.5 · AI score 5.8 · EPSS 0.03174
Exploits 0 · References 15