3100 matches found

Amazon
added 2024/08/21 12:00 a.m., 3 views

Important: kernel-livepatch-4.14.348-265.562

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-4.14.348-265.562 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 · AI score 7.1 · EPSS 0.00256
Exploits 0
OSV
added 2024/08/18 9:31 p.m., 1 view

GHSA-HXWH-JPP2-84PM Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security...

CVSS 8.7 · AI score 5.8 · EPSS 0.00677
Exploits 1 · References 12
OSV
added 2024/08/15 5:15 p.m., 1 view

CVE-2024-31905

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

CVSS 5.9 · AI score 5.8
Exploits 0 · References 1
OSV
added 2024/08/15 11:55 a.m., 8 views

USN-6962-1 libreoffice vulnerability

It was discovered that LibreOffice incorrectly allowed users to enable macros when a cryptographic signature failed to validate. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary macros...

CVSS 7.8 · AI score 6 · EPSS 0.00238
Exploits 0 · References 2
OSV
added 2024/08/14 3:15 p.m., 2 views

ALPINE-CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...

CVSS 4.7 · AI score 6.8 · EPSS 0.0032
Exploits 0 · References 1
Microsoft KB
added 2024/08/13 7:00 a.m., 137 views

August 13, 2024—KB5041828 (Monthly Rollup)

August 13, 2024—KB5041828 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU onl...

CVSS 9.8 · AI score 8.1 · EPSS 0.70564
Exploits 28
Microsoft KB
added 2024/08/13 7:00 a.m., 64 views

June 11, 2024—KB5039260 (Monthly Rollup)

June 11, 2024—KB5039260 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only are...

CVSS 9.8 · AI score 7.4 · EPSS 0.82829
Exploits 10
Microsoft KB
added 2024/08/13 7:00 a.m., 54 views

August 13, 2024—KB5041851 (Monthly Rollup)

August 13, 2024—KB5041851 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only a...

CVSS 9.8 · AI score 8.1 · EPSS 0.70564
Exploits 28
OSV
added 2024/08/13 4:15 a.m., 1 view

CVE-2024-42377

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
Vulnrichment
added 2024/08/13 3:41 a.m., 14 views

CVE-2024-42377 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

CVSS 4.3 · AI score 6.8 · EPSS 0.00246
Exploits 0 · References 2
CVE
added 2024/08/13 3:41 a.m., 45 views

CVE-2024-42377

CVE-2024-42377 concerns the SAP Shared Service Framework. The connected documents describe that an authenticated non-administrative user can call a remote-enabled function, enabling insertion of value entries into a non-sensitive table and resulting in low integrity impact to the application. The...

CVSS 4.3 · AI score 4.6 · EPSS 0.00246
Exploits 0 · References 2 · Affected Software 1
Amazon
added 2024/08/13 12:00 a.m., 2 views

Important: kernel-livepatch-5.10.217-205.860

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-5.10.217-205.860 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 · AI score 7.1 · EPSS 0.00256
Exploits 0
Positive Technologies
added 2024/08/10 12:00 a.m., 3 views

PT-2024-38393 · WordPress · Woocommerce - Social Login

Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to 2.7.5 Description: The issue is due to the use of loose comparison of the activation code in the woo_slg_confirm_email_user function. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 7.2 · EPSS 0.0061
Exploits 0 · References 10
OSV
added 2024/08/05 1:16 a.m., 1 view

CVE-2024-7464

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnetenabled leads to command injection. The attack may be initiated remotely. The exploit...

CVSS 9.8 · AI score 5.5 · EPSS 0.19907
Exploits 1 · References 4
OSV
added 2024/08/01 5:34 p.m., 5 views

CLSA-2024-1722533082 kernel: Fix of 47 CVEs

af_unix: Fix garbage collector racing against connect CVE-2024-26923 - netfilter: nft_limit: reject configurations that cause integer overflow CVE-2024-26668 - libbpf: Fix use-after-free in btf_dump_name_dups CVE-2022-3534 - bpf: Fix partial dynptr stack slot reads/writes CVE-2023-39191 - ima: Fix...

CVSS 8.2 · AI score 7 · EPSS 0.01305
Exploits 1 · References 1
Positive Technologies
added 2024/08/01 12:00 a.m., 3 views

PT-2024-29301 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote actor to make an arbitrary local...

CVSS 5.1 · AI score 7.3 · EPSS 0.00276
Exploits 0 · References 11
OSV
added 2024/07/29 3:15 p.m., 1 view

UBUNTU-CVE-2024-41036

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft...

CVSS 5.5 · AI score 6.3 · EPSS 0.00248
Exploits 0 · References 17
OSV
added 2024/07/29 4:15 a.m., 3 views

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 · AI score 6.3
Exploits 0 · References 4
CNVD
added 2024/07/29 12:00 a.m., 4 views

TOTOLINK A3100R Command Injection Vulnerability

The TOTOLINK A3100R is a wireless router. The TOTOLINK A3100R suffers from a command injection vulnerability that stems from improper handling of the telnetenabled parameter. An attacker can exploit this vulnerability to obtain sensitive information...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits 1 · References 1
CNNVD
added 2024/07/29 12:00 a.m., 3 views

TOTOLINK A3600R Command Injection Vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a command injection vulnerability that originates from improper handling of the telnetenabled parameter in the setTelnetCfg function of the /cgi-bin/cstecgi.cgi file. An...

CVSS 8.8 · AI score 7.5 · EPSS 0.03086
Exploits 1 · References 5