Lucene search

6653 matches found

SUSE Linux
added 2024/12/03 4:34 p.m., 1 view

Security update for the Linux Kernel RT (Live Patch 18 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001364 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool (bsc#1225429). CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). Patch Instructions: To install this...

7.5 CVSS, 8 AI score, 0.00244 EPSS
Exploits 0, References 8

SUSE Linux
added 2024/12/02 12:35 p.m., 2 views

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273). CVE-2023-52752: smb: client: fix...

7.8 CVSS, 7.6 AI score, 0.00278 EPSS
Exploits 0, References 20

SUSE Linux
added 2024/12/02 9:15 a.m., 0 views

Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coalescing is set via ethtool (bsc#1225429). CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). CVE-2021-47598: sch_cake: do not cal...

7.8 CVSS, 8 AI score, 0.00278 EPSS
Exploits 0, References 28

OSV
added 2024/11/27 9:28 p.m., 18 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and/or last name to include a valid Excel/spreadsheet formula. When an instructor downloads their course's roster and opens it, this name will then be evaluated as a formula. This...

6.8 CVSS, 6.8 AI score, 0.00452 EPSS
Exploits 0, References 4

OSV
added 2024/11/25 3:11 p.m., 5 views

GHSA-7F6P-PHW2-8253 Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer (OT) based protocol DKLS: 1. Secret share recovery attack: If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

7.3 AI score
Exploits 0, References 6

Wiz blog
added 2024/11/22 1:50 p.m., 20 views

Wiz observes exploitation in the wild of PAN-OS vulnerabilities

Detect and mitigate CVE-2024-0012 and CVE-2024-9474, PAN-OS vulnerabilities which Wiz Threat Research has observed being exploited in-the-wild. Organizations should patch urgently...

9.8 CVSS, 7 AI score, 0.99698 EPSS
Exploits 18

Cvelist
added 2024/11/18 8:45 p.m., 19 views

CVE-2024-52585 Autolab has HTML Injection Vulnerability

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.1 CVSS, 0.00256 EPSS
Exploits 0, References 2

HackRead
added 2024/11/11 12:3 p.m., 7 views

CISA Urges Patching of Critical Palo Alto Networks’ Expedition Tool Vulnerability

A critical security vulnerability in Palo Alto Networks' Expedition tool is being actively exploited by hackers. CISA urges…...

7.4 AI score
Exploits 0

Schneier on Security
added 2024/10/31 3:43 p.m., 10 views

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guidelin...

7.5 AI score
Exploits 0

SUSE Linux
added 2024/10/31 10:33 a.m., 2 views

Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024178 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). CVE-2023-52752: smb:...

7.8 CVSS, 7.9 AI score, 0.00271 EPSS
Exploits 0, References 20

SUSE Linux
added 2024/10/29 7:3 p.m., 0 views

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). CVE-2024-41059:...

7.8 CVSS, 8.1 AI score, 0.00269 EPSS
Exploits 0, References 12

SUSE Linux
added 2024/10/29 6:3 a.m., 1 view

Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024197 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1227472). CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). CVE-2021-47291: ipv6:...

7.8 CVSS, 7.8 AI score, 0.00271 EPSS
Exploits 0, References 16

SUSE CVE
added 2024/10/24 3:18 a.m., 5 views

SUSE CVE-2024-49888

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue. Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI. The failure is due to the below signed divide:...

5.5 CVSS, 7.3 AI score, 0.00236 EPSS
Exploits 0, References 16

Github Security Blog
added 2024/10/22 5:50 p.m., 15 views

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

Impact: This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Patches: Will be patched in 14.3.1 and 15.0.0. Workarounds...

8.7 CVSS, 7 AI score, 0.00326 EPSS
Exploits 0, References 3, Affected Software 2

CVE
added 2024/10/21 6:1 p.m., 130 views

CVE-2024-49888

CVE-2024-49888 – Linux kernel (BPF) sdiv/smod overflow fix. The issue affects the BPF subsystem where division by -1 can overflow for 64-bit operands (LLONG_MIN/-1) on x86_64, potentially triggering a kernel crash; on arm64, results differ (LLONG_MIN/-1 yields LLONG_MIN). The provided patch logi...

5.5 CVSS, 5.8 AI score, 0.00236 EPSS
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2024/10/18 12:0 a.m., 193 views

Oracle Database Server (October 2024 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle Spatial and Graph libcurl2 component of Oracle Database Server. Supported versions that are affected are...

10 CVSS, 7 AI score, 0.87211 EPSS
Exploits 11, References 32

Positive Technologies
added 2024/10/17 12:0 a.m., 3 views

PT-2024-33437 · Zoho · Zoho Crm Lead Magnet

Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet versions 1.7.9.0 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

8.5 CVSS, 8.3 AI score, 0.00384 EPSS
Exploits 0, References 5

OSV
added 2024/10/16 9:15 p.m., 1 view

UBUNTU-CVE-2024-47888

Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. Carefully crafted text can cause the...

8.7 CVSS, 6.4 AI score, 0.00991 EPSS
Exploits 0, References 8

SUSE Linux
added 2024/10/16 5:3 a.m., 0 views

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002492 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). CVE-2024-40954:...

7.8 CVSS, 8.3 AI score, 0.00269 EPSS
Exploits 0, References 20

The Hacker News
added 2024/10/16 4:54 a.m., 28 views

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the...

9.8 CVSS, 7.3 AI score, 0.93159 EPSS
Exploits 5