3500 Rack Configuration, Part No. 129133-01 Security Vulnerabilities

CVE-2023-23916 affecting package rust 1.59.0-1

CVE-2023-23916 affecting package rust 1.59.0-1. No patch is available...

CVE-2023-23916 affecting package mysql 8.0.32-1

CVE-2023-23916 affecting package mysql 8.0.32-1. No patch is available...

CVE-2023-25136 affecting package openssh 8.9p1-3

CVE-2023-25136 affecting package openssh 8.9p1-3. This CVE either no longer is or was never...

CVE-2018-25078 affecting package man-db 2.8.4-5

CVE-2018-25078 affecting package man-db 2.8.4-5. This CVE either no longer is or was never...

CVE-2022-41722 affecting package golang 1.17.13-2

CVE-2022-41722 affecting package golang 1.17.13-2. No patch is available...

CVE-2023-25193 affecting package qt5-qtbase 5.12.11-7

CVE-2023-25193 affecting package qt5-qtbase 5.12.11-7. This CVE either no longer is or was never...

CVE-2023-0468 affecting package kernel 5.10.189.1-1

CVE-2023-0468 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-1941 affecting package protobuf 3.14.0-1

CVE-2022-1941 affecting package protobuf 3.14.0-1. No patch is available...

CVE-2022-3515 affecting package gnupg2 2.2.20-4

CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...

CVE-2022-4543 affecting package kernel 5.10.189.1-1

CVE-2022-4543 affecting package kernel 5.10.189.1-1. No patch is available...

CVE-2022-46176 affecting package rust 1.59.0-1

CVE-2022-46176 affecting package rust 1.59.0-1. No patch is available...

CVE-2022-44792 affecting package net-snmp 5.9-4

CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...

CVE-2022-43410 affecting package mercurial 5.4-2

CVE-2022-43410 affecting package mercurial 5.4-2. No patch is available...

CVE-2022-21626 affecting package openjdk8 1.8.0.332-2

CVE-2022-21626 affecting package openjdk8 1.8.0.332-2. No patch is available...

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4

CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4. This CVE either no longer is or was never...

CVE-2022-42969 affecting package python-py 1.10.0-1

CVE-2022-42969 affecting package python-py 1.10.0-1. No patch is available...

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

CVE-2021-3672 affecting package pgbouncer 1.16.1-1. This CVE either no longer is or was never...

CVE-2022-36055 affecting package helm 3.4.1-17

CVE-2022-36055 affecting package helm 3.4.1-17. No patch is available...

CVE-2021-3995 affecting package util-linux 2.32.1-7

CVE-2021-3995 affecting package util-linux 2.32.1-7. This CVE either no longer is or was never...

CVE-2021-33465 affecting package yasm 1.3.0-14

CVE-2021-33465 affecting package yasm 1.3.0-14. No patch is available...

CVE-2021-33464 affecting package yasm 1.3.0-14

CVE-2021-33464 affecting package yasm 1.3.0-14. No patch is available...

CVE-2021-33456 affecting package yasm 1.3.0-14

CVE-2021-33456 affecting package yasm 1.3.0-14. No patch is available...

CVE-2021-33454 affecting package yasm 1.3.0-14

CVE-2021-33454 affecting package yasm 1.3.0-14. No patch is available...

CVE-2021-3773 affecting package kernel 5.10.189.1-1

CVE-2021-3773 affecting package kernel 5.10.189.1-1. No patch is available...

platform-l.org Cross Site Scripting vulnerability OBB-3939546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bartlettltd.co.uk Cross Site Scripting vulnerability OBB-3939500

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

org-mode - security update

Bulletin has no...

emacs - security update

Bulletin has no...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

Metasploit Weekly Wrap-Up 06/28/2024

Unauthenticated Command Injection in Netis Router This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password...

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

TeamViewer Confirms Security Breach by Russian Midnight Blizzard

TeamViewer reassures users after a security breach targeted an employee account. The company claims no customer data...

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....

CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

Security Bulletin: PowerSC is vulnerable to security restrictions bypass and denial of service due to Curl

Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...

Code Execution on Git update in github.com/hashicorp/go-getter

A crafted request can execute Git update on an existing maliciously modified Git Configuration. This can potentially lead to arbitrary code execution. When performing a Git operation, the library will try to clone the given repository to a specified destination. Cloning initializes a git config in....

CVE-2024-35116 IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

CVE-2024-35137

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...

CVE-2024-35137

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...

CVE-2024-35137 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: ...

Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062

Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...