CVE-2024-47831 Next.js image optimization has Denial of Service condition
Next.js is a React Framework for the Web. Versions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither t...
PT-2024-7169 · Vercel · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7 Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service (DoS) condition that could lead t...
CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...
OPENSUSE-SU-2024:0319-1 Security update for coredns
This update for coredns fixes the following issues: Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forward plugin 6681 fix: plugin/file: return error when parsing the file fails 6699 fix:documentation...
September 26, 2024—KB5043145 (OS Builds 22621.4249 and 22631.4249) Preview
September 26, 2024—KB5043145 OS Builds 22621.4249 and 22631.4249 Preview 07/09/24---END OF SERVICE NOTICE ---IMPORTANT Home and Pro editions of Windows 11, version 22H2 will reach end of service on October 8, 2024. Until then, these editions will only receive security updates. They will not...
Release Information for Veeam Backup for Nutanix AHV 6.1
This update has been superseded by Veeam Backup for Nutanix AHV 7.0, which was released alongside and supports only Veeam Backup & Replication 12.3. Requirements To upgrade to Veeam Backup for Nutanix AHV 6.1, download the installer below and run it on the Veeam Backup & Replication server that...
Harnessing the Power of Cloud App Development and DevOps for Modern Businesses
Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and…...
python3.12 security update
3.12.5-2 - Security fix for CVE-2024-8088 Resolves: RHEL-55939 3.12.5-1 - Update to 3.12.5 - Security fix for CVE-2024-6923 Resolves: RHEL-53075 3.12.4-3 - Properly propagate the optimization flags to C extensions 3.12.4-2 - Build Python with -O3 -...
Hotfix XS82ECU1075 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on the Customer Success Services program. Where To Get This Hotfix Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-39249)
Summary There is a vulnerability in Async used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...
Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches
Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veea...
SUSE-SU-2024:3267-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142: Updated otelhttp to version 0.46.1 bsc1228556 - Require Go 1.20 for building - Migrate from disabled to manual...
Next.js Remote Patterns Server-Side Request Forgery
Next.js framework embeds an image optimization component which is enabled by default and allows dynamic resizing when requested. This feature leverages the 'next.config.js' configuration file to ensure that the target host being requested is allowed. When misconfigured, a remote and unauthenticat...
PT-2024-34100
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the caller supplies an iocb->ki_pos value close to the filesystem upper limit, and an iterator with a count that causes an overflow of that limit, resulting in...
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
...
DragonRank, a Chinese-speaking SEO manipulator service provider
Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...
NetScaler - How to Integrate NetScaler and Exchange Server when Content Switch is Involved.
How to Integrate NetScaler and Exchange Server when Content Switch is Involved...