5834 matches found

OSV
added 2024/05/07 7:24 a.m. · 11 views

SUSE-SU-2024:1540-1 Security update for xen

This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2023-46842: HVM hypercalls may trigger Xen bug check XSA-454, bsc1221984 - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations XSA-455, bsc1222302...

7.5 CVSS · 8 AI score · 0.17444 EPSS
Exploits: 0 · References: 7

Microsoft Secure
added 2024/05/06 4:0 p.m. · 15 views

New capabilities to help you secure your AI transformation

AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2024/05/01 12:0 a.m. · 5 views

The vulnerability of software solutions for Juniper Cloud Native Router (JCNR) and Containerized Routing Protocol Daemon (cRPD) lies in the use of hard-coded host SSH keys, which allows an attacker to execute a type of “man-in-the-middle” attack.

The vulnerability of software solutions for Juniper Cloud Native Router JCNR and Containerized Routing Protocol Daemon cRPD is related to the use of hard-coded host SSH keys. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

8.1 CVSS · 5.7 AI score · 0.00676 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

Spring Security Advisories
added 2024/04/30 12:0 a.m. · 18 views

This Week in Spring - April 30th, 2024

Welcome to yet another amazing installment of This Week in Spring! As usual, we've got a ton of stuff to get into, so let's dive right into it! Chris Bono announces the new versions of Spring Functions Catalog and Spring Cloud Streams Applications In last week's installment of A Bootiful Podcast,...

7.5 AI score
Exploits: 0

Tenable Nessus
added 2024/04/29 12:0 a.m. · 27 views

Fedora 40 : xen (2024-a46df5ba2f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a46df5ba2f advisory. x86: Native Branch History Injection XSA-456, CVE-2024-2201 update to xen 4.18.2, remove patches now included upstream x86 HVM hypercalls may trigge...

7.5 CVSS · 7.3 AI score · 0.17444 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/04/29 12:0 a.m. · 62 views

RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.8 CVSS · 7.7 AI score · 0.99999 EPSS
Exploits: 93 · References: 80

OSV
added 2024/04/23 5:15 a.m. · 15 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

9.8 CVSS · 7.4 AI score
Exploits: 0 · References: 4

NVD
added 2024/04/23 5:15 a.m. · 12 views

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

9.8 CVSS · 9.6 AI score · 0.01025 EPSS
Exploits: 0 · References: 4

CNNVD
added 2024/04/22 12:0 a.m. · 5 views

TCL Security Vulnerability

Tcl is a freely available open source package. It provides a powerful platform for creating integrated applications that tie together various applications, protocols, devices and frameworks. A security vulnerability exists in the TCL 30Z, A3X, 20XE, and 10L, which stems from the fact that certain...

8.8 CVSS · 6.8 AI score · 0.00454 EPSS
Exploits: 0 · References: 2

OSV
added 2024/04/20 7:17 a.m. · 15 views

BIT-ENVOY-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes

Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with auto_sni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...

7.5 CVSS · 7.3 AI score · 0.00679 EPSS
Exploits: 0 · References: 3

Rapid7 Blog
added 2024/04/16 4:21 p.m. · 14 views

Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization

Authored by Damon Cabanillas Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program TX-RAMP authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security...

7.3 AI score
Exploits: 0

CNNVD
added 2024/04/12 12:0 a.m. · 2 views

Juniper Networks Juniper Cloud Native Router Security Vulnerability

Juniper Networks Juniper Cloud Native Router JCNR is a cloud native router solution from Juniper Networks, Inc. A security vulnerability exists in Juniper Networks Juniper Cloud Native Router JCNR versions prior to 23.4, which stems from the use of hard-coded encryption keys, allowing an attacker...

9.2 CVSS · 6.7 AI score · 0.00676 EPSS
Exploits: 0 · References: 4

The Hacker News
added 2024/04/10 9:26 a.m. · 57 views

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection BHI, can be used to leak arbitrary kernel...

7.1 AI score · 0.08555 EPSS
Exploits: 0

Positive Technologies
added 2024/04/10 12:0 a.m. · 2 views

PT-2024-3168 · Juniper Networks · Containerized Routing Protocol Daemon +1

Name of the Vulnerable Software and Affected Versions: Juniper Cloud Native Router JCNR versions prior to 23.4 Containerized Routing Protocol Daemon cRPD versions prior to 23.4R1 Description: The issue is related to the use of hard-coded cryptographic keys in Juniper Cloud Native Router JCNR and...

9.2 CVSS · 7.2 AI score · 0.00676 EPSS
Exploits: 0 · References: 5

The Hacker News
added 2024/04/09 5:30 a.m. · 17 views

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials

As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management PAM solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing...

7.3 AI score
Exploits: 0

OSV
added 2024/04/08 12:15 p.m. · 2 views

CVE-2024-26574

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe...

7.8 CVSS · 6.2 AI score · 0.00302 EPSS
Exploits: 0 · References: 2

GitHub Security Blog
added 2024/04/07 9:30 a.m. · 31 views

React Native Sms User Consent Intent Redirection Vulnerability

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

5.3 CVSS · 7.2 AI score · 0.0026 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2024/04/07 9:15 a.m. · 29 views

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

5.3 CVSS · 6.9 AI score
Exploits: 0 · References: 5

NVD
added 2024/04/07 9:15 a.m. · 9 views

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

5.3 CVSS · 5.3 AI score · 0.0026 EPSS
Exploits: 0 · References: 5

CVE
added 2024/04/07 9:0 a.m. · 66 views

CVE-2021-4438

CVE-2021-4438 affects kyivstarteam/react-native-sms-user-consent up to 1.1.4 on Android. The issue lies in SmsUserConsentModule.kt, registerReceiver, causing improper export of Android components. Local attack is required. Upgrading to version 1.1.5 fixes the vulnerability (patch: 5423dcb0cd3e4d5...

5.3 CVSS · 5.2 AI score · 0.0026 EPSS
Exploits: 0 · References: 5 · Affected Software: 1