UBUNTU-CVE-2024-38570

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior t...

USN-6818-4: Linux kernel (HWE) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 It was...

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing 3.2.1 operator containers security update

Red Hat OpenShift distributed tracing 3.2.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

[SECURITY] Fedora 40 Update: booth-1.2-1.fc40

Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in Pacemaker...

OPENSUSE-SU-2024:11766-1 python38-distributed-2022.1.0-1.1 on GA media

These are all security issues fixed in the python38-distributed-2022.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

RLSA-2024:3661 Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

booth security update

An update is available for booth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

booth security update

An update is available for booth. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Booth cluster ticket manager is a component to bridge high availability...

RLSA-2024:3659 Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6818-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...

USN-6819-3: Linux kernel (OEM) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

USN-6819-2: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

USN-6828-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 It was...

CVE-2024-30063

Windows Distributed File System DFS Remote Code Execution Vulnerability...

CVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution Vulnerability

...

CVE-2024-30063

Technical details for CVE-2024-30063 are not provided in the connected documents. The initial description notes a DFS RCE vulnerability but there are no explicit affected products/versions or fixes in the supplied materials. Monitor for updates.

Microsoft Windows Distributed File System Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Distributed File System DFS. An attacker exploiting this vulnerability could remotely execute code. The following products and version...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise KOP & cloud/SaaS Kiuwan Local Analyzer KLA vulnerable version: Kiuwan SAST 2.8.2402.3 Kiuwan Local...