128 matches found

OSV
added 2024/10/29 4:03 p.m. | 17 views

SUSE-SU-2024:3775-1 Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600108 fixes one issue. The following security issue was fixed: - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show (bsc#1225819)...

CVSS 7.8 | AI score 7 | EPSS 0.00016
Exploits: 0 | References: 3

NVD
added 2024/09/25 1:15 a.m. | 6 views

CVE-2024-8067

In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...

CVSS 5.8 | EPSS 0.00061
Exploits: 0 | References: 1

Cvelist
added 2024/09/24 3:53 p.m. | 14 views

CVE-2024-8067 Unicode "best fit" argument injection

In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...

CVSS 5.8 | EPSS 0.00061
Exploits: 0 | References: 1

Tenable Nessus
added 2024/09/24 12:00 a.m. | 18 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP6) (SUSE-SU-2024:3398-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3398-1 advisory. This update for the Linux Kernel 6.4.0-1506002314 fixes one issue. The following security issue was fixed: - CVE-2024-40909: Fix a potential...

CVSS 7.8 | AI score 6.7 | EPSS 0.00016
Exploits: 0 | References: 4

OpenVAS
added 2024/03/04 12:00 a.m. | 26 views

openSUSE: Security Advisory for the Linux Kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2023:3079-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.9 | EPSS 0.00594
Exploits: 3 | References: 2

ATTACKERKB
added 2023/11/15 12:00 a.m. | 24 views

CVE-2023-48365

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...

CVSS 9.9 | AI score 8.1 | EPSS 0.92414
In wild | Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/04 12:00 a.m. | 28 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP5) (SUSE-SU-2023:3924-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3924-1 advisory. - A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If...

CVSS 7.8 | AI score 6.8 | EPSS 0.0007
Exploits: 2 | References: 10

CVE
added 2023/07/31 12:00 a.m. | 89 views

CVE-2023-38750

CVE-2023-38750 affects Zimbra Collaboration (ZCS) versions 8.x up to 8.8.15 Patch 41, 9.x up to 9.0.0 Patch 34, and 10.x up to 10.0.2, where internal JSP/XML files can be exposed (information disclosure). The vulnerability is linked to exposure of internal JSP and XML files and has been described...

CVSS 7.5 | AI score 7.5 | EPSS 0.00283
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/06/29 12:00 a.m. | 31 views

SUSE SLES15 Security Update : kernel RT (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2023:2680-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2680-1 advisory. - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion...

CVSS 7.8 | AI score 6.7 | EPSS 0.00031
Exploits: 0 | References: 10

Tenable Nessus
added 2023/04/27 12:00 a.m. | 25 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2023:2043-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2043-1 advisory. - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of...

CVSS 7.8 | AI score 6.5 | EPSS 0.0002
Exploits: 0 | References: 10

Tenable Nessus
added 2022/10/18 12:00 a.m. | 48 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3605-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3605-1 advisory. - An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the gue...

CVSS 8.8 | AI score 7.2 | EPSS 0.00732
Exploits: 4 | References: 16

Tenable Nessus
added 2022/09/27 12:00 a.m. | 63 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3406-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3406-1 advisory. - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition unmap_mapping_range versus...

CVSS 4.7 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 4

NVD
added 2022/09/19 6:15 p.m. | 9 views

CVE-2022-40980

A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2...

CVSS 9.1 | EPSS 0.00583
Exploits: 0 | References: 1

Prion
added 2022/09/19 6:15 p.m. | 13 views

Arbitrary file deletion

A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2...

CVSS 6.4 | AI score 9.1 | EPSS 0.00583
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2022/05/26 12:00 a.m. | 59 views

SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP3) (SUSE-SU-2022:1849-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1849-1 advisory. - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This fla...

CVSS 6.3 | AI score 6.1 | EPSS 0.0002
Exploits: 0 | References: 5

IBM Security Bulletins
added 2021/05/04 5:44 p.m. | 26 views

Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal (CVE-2020-4993)

Summary IBM QRadar SIEM is vulnerable to path traversal attack. Vulnerability Details CVEID: CVE-2020-4993 DESCRIPTION: IBM QRadar SIEM when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. CVSS Base score: 4.9 CVSS Tempor...

CVSS 4.9 | AI score 1 | EPSS 0.00284
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2021/05/04 5:42 p.m. | 21 views

Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932)

Summary IBM QRadar SIEM contains hard-coded credentials Vulnerability Details CVEID: CVE-2020-4932 DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...

CVSS 7.8 | AI score 1.3 | EPSS 0.00028
Exploits: 0 | Affected Software: 1

0day.today
added 2021/04/14 12:00 a.m. | 79 views

Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerab...

CVSS 6.1 | AI score 0.2 | EPSS 0.00824
Exploits: 3

Citrix
added 2021/02/25 12:00 a.m. | 4 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 2

Package name: xms10.13.0.10212.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10129.bin Date: February, 2021 Languages supported: English US Readme version: 1.00 Readme Revision History Version | Date | Change Description: 1.00 | February, 2021 | Initia...

AI score 6.3
Exploits: 0

IBM Security Bulletins
added 2021/01/28 7:13 a.m. | 24 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)

Summary IBM QRadar SIEM is vulnerable to Server Side Request Forgery Vulnerability Details CVEID: CVE-2020-4787 DESCRIPTION: IBM QRadar is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

CVSS 4.2 | AI score 0.9 | EPSS 0.0004
Exploits: 0 | Affected Software: 1