Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26951)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26951 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2023-31084)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31084 advisory. - An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46759)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46759 advisory. - In the Linux kernel, the following vulnerability has been resolved: hwmon: adc128d818 Fix underflows seen wh...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46819)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46819 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing ob...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47695)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47695 advisory. - In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Reset cid to connum - 1 t...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50024)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50024 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The...

Azure Linux 3.0 Security Update: boost / cloud-hypervisor-cvm / cmake / erlang / grpc / mariadb / nmap / qt5-qtbase / teckit (CVE-2018-25032)

The version of boost / cloud-hypervisor-cvm / cmake / erlang / grpc / mariadb / nmap / qt5-qtbase / teckit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-25032 advisory. - zlib before 1.2.12 allo...

Azure Linux 3.0 Security Update: libcxx / llvm / rust (CVE-2024-31852)

The version of libcxx / llvm / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31852 advisory. - LLVM before 18.1.3 generates code in which the LR register can be overwritten without data bei...

Azure Linux 3.0 Security Update: python3 (CVE-2024-0450)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0450 advisory. - An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50006)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50006 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in...

Azure Linux 3.0 Security Update: pytorch (CVE-2024-27319)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27319 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the...

Azure Linux 3.0 Security Update: bind (CVE-2024-4076)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4076 advisory. - Client queries that trigger serving stale data and that also require lookups in local authoritative zone data M...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46719)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46719 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42072)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42072 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix maygoto with negative offset...

Azure Linux 3.0 Security Update: kernel (CVE-2024-40902)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40902 advisory. - In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for...

ICS testing best results. Hint: Blend your approach

TL;DR Onsite ICS testing is risk averse Laboratory ICS device testing uncovers more A blended approach is key How that works Demonstrable benefits Introduction For safety’s sake onsite ICS testing adopts a risk averse approach, even if scheduled during downtime or a maintenance period. It’s vital...

The vulnerability of the CoreAudio component in operating systems such as macOS, iOS, iPadOS, watchOS, tvOS, and visionOS allows a hacker to trigger a service failure.

The vulnerability of the CoreAudio component in macOS, iOS, iPadOS, watchOS, tvOS, and visionOS stems from insufficient testing of unusual or exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2022-36065

GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...

CVE-2022-46178

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability...

CVE-2022-31055

kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...