kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...
RockyLinux 9 : kernel (RLSA-2024:8617)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8617 advisory. hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201); kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640); kernel: mptcp: fix data...
IBM Concert Trust Management Issues Vulnerability (CNVD-2024-49175)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A trust management issue vulnerability exists in IBM Concert versions 1.0.0 and 1.0.1 that stems from vulnerability to attacks that rely on the use of...
Introducing the next generation of AI-powered remediation: Choose your own remediation strategy
The new AI-powered remediation 2.0 combines the power of GenAI with the Wiz Research Team’s expertise in identifying cloud-native attack paths...
RHEL 6 : jbossws-common (RHSA-2011:1303)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1303 advisory. The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implemen...
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...
Malicious code in appdynamics-native (npm)
Source: ghsa-malware (70c96cea6a10d2b4ae166a690923503d2ffa5332aad78229c2768c36ca911918). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10320 Malicious code in appdynamics-native (npm)
Source: ghsa-malware (70c96cea6a10d2b4ae166a690923503d2ffa5332aad78229c2768c36ca911918). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition when the fallback socketpair implementation is used on platforms that lack native support and the vulnerable function does not properly authenticate the connected sockets. An attacker must be able to predict the address a...
Malicious code in react-native-blue-crypto (npm)
Source: ghsa-malware (25cdf24ea56c6768c56579fca642bb9bf9510233ad5c87f48f9ec0cfc336c8c1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10277 Malicious code in react-native-blue-crypto (npm)
Source: ghsa-malware (25cdf24ea56c6768c56579fca642bb9bf9510233ad5c87f48f9ec0cfc336c8c1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
CVE-2024-47827
A flaw was found in Argo Workflows. Due to a race condition in a global variable, the Argo Workflows controller can crash on command by any user with access to execute a workflow, which can lead to a denial of service...
Wiz Expands Runtime Protection to Serverless Containers
Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps...
CVE-2022-49003
A vulnerability was found in the Linux kernel's NVMe driver, involving a race condition in multipath configurations with RDMA connections. The nvme_ns_head list that tracks NVMe namespaces is not properly synchronized with the SRCU lock in the nvme_mpath_revalidate_paths function. This can cause a...
This Week in Spring - October 22nd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...
Fedora: Security Advisory (FEDORA-2024-bf524bf5c0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory (FEDORA-2024-ff98facbc6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40
Rustls-native-certs allows rustls to use the platform native certificate store...