CVE-2024-41135 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...
CVE-2024-41134
CVE-2024-41134 affects HPE Aruba Networking EdgeConnect SD-WAN gateway CLI. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially leading to full system compromise. Documented impact is high (CVSS 3.1: 7.2, Netwo...
CVE-2024-21137
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
SUSE CVE-2022-48857
In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete. The root cause is in missing usb_kill_urb calls on error handling path of ->probe function. port100_send_complete accesses devm allocat...
Oracle MySQL Server 8.x < 8.4.1 (January 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior an...
Oracle Enterprise Manager Cloud Control (Jul 2024 CPU)
The 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install Apach...
CVE-2024-21125
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21161
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2024-21171
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2024-21173
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21160
CVE-2024-21160 (Oracle MySQL/InnoDB) affects MySQL Server:InnoDB in Oracle MySQL. Affected are 8.0.36 and prior, and 8.3.0 and prior. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or crash (complete DOS) of MySQL Server. Public detai...
CVE-2024-40998
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in ext4_fill_super In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_ms // Other...
CVE-2022-48792 scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion or mpi_sata_completion. In this...
Malicious code in ganz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da0cfb84de08c6319a13e73e58a0e448076e4a19c60e5e9062a34d8c70f200f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-39480 kdb: Fix buffer overflow during tab-complete
In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed symbol into the command buffer. Unfortunately it passes the size of t...
MAL-2024-7167 Malicious code in @zitterorg/dolor-voluptate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90324eaddfc88bbed7fa178751693ddfdc7d4564ad92a63ad555dd26a8f53ecc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RLSA-2024:4084 Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
CVE-2024-6206
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system...
CVE-2024-6206
CVE-2024-6206 affects HPE Athonet Mobile Core software. The vulnerability is a code injection flaw that allows a threat actor to execute arbitrary commands with the privileges of the underlying container, potentially leading to a complete system takeover. Concrete affected version details are not...