gtk3 security update

3.22.30-12 - Stop loading modules from cwd CVE-2024-6655 - Resolves: RHEL-46988...

EulerOS 2.0 SP8 : shim (EulerOS-SA-2024-2489)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summar...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to writing beyond the buffer boundary, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of Web page rendering modules in WebKitGTK and WPE WebKit relates to buffer overflow attacks. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-2)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6999-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ruby Gem Modules Installed (Windows)

Binary data rubymoduleswininstalled.nbin...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7029-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7029-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules (CVE-2024-39338, CVE-2024-43800, CVE-2024-43799, CVE-2024-43796).

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules axios CVE-2024-39338, expressjs serve-static CVE-2024-43800, pillarjs send CVE-2024-43799 and expressjs express CVE-2024-43796. This bulletin identifies the steps to take to address the...

CVE-2024-46771 can: bcm: Remove proc entry when dev is unregistered.

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect below. 0 The repro calls connect to vxcan1, removes vxcan1, and calls connect with ifindex == 0. Calling connect for a BCM socket...

@backstage/backend-dynamic-feature-service (>=0.0.0-nightly-20240116021644 <=0.0.0-nightly-20260530032139), @backstage/plugin-catalog-backend-module-aws (>=0.0.0-nightly-20220219022334 <=0.1.2-next.0) +25 more potentially affected by CVE-2024-45815 via @backstage/plugin-catalog-backend (>=0.0.0-nightly-20220708025041 <=0.5.5)

@backstage/plugin-catalog-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220219022334, =0.0.0-nightly-20220308022132, =0.0.0-nightly-20220311022539, =0.0.0-nightly-20220531024457, =0.0.0-nightly-20220810023539, =0.0.0-nightly-20220422024928,...

RHSA-2015:0831 Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update

Bulletin has no description...

RHSA-2015:0789 Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Bulletin has no description...

RHSA-2017:0359 Red Hat Security Advisory: openstack-puppet-modules security update

Bulletin has no description...

RHSA-2017:0361 Red Hat Security Advisory: openstack-puppet-modules security update

Bulletin has no description...

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to writing beyond the buffer boundary, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of Web page rendering modules in WebKitGTK and WPE WebKit relates to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7008-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7008-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7005-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7004-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7004-1 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

CVE-2024-8097

An exposure of sensitive information flaw via an unauthorized actor vulnerability was found in the Payara Platform Payara Server logging modules. This issue allows sensitive credentials to be posted in plain text on the server log. Mitigation Mitigation for this issue is either not available or t...

CVE-2024-8097

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server Logging modules allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 befo...