Hp 1810-24g, Hp 1810-48g, Hp 1810-8 V2 Switches Security Vulnerabilities

GHSA-797F-63WG-8CHV vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

GHSA-JM46-725R-HH9V vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

CVE-2024-0450 vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

CVE-2023-6597 vulnerabilities

Vulnerabilities for packages: aws-cli-v2,...

CVE-2021-3571 affecting package linuxptp 2.0-8

CVE-2021-3571 affecting package linuxptp 2.0-8. This CVE either no longer is or was never...

CVE-2019-20633 affecting package patch 2.7.6-8

CVE-2019-20633 affecting package patch 2.7.6-8. No patch is available...

CVE-2023-22609 affecting package binutils 2.37-8

CVE-2023-22609 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22604 affecting package binutils 2.37-8

CVE-2023-22604 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22607 affecting package binutils 2.37-8

CVE-2023-22607 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22606 affecting package binutils 2.37-8

CVE-2023-22606 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2022-41725 affecting package gcc 11.2.0-8

CVE-2022-41725 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...

CVE-2022-2990 affecting package buildah 1.18.0-8

CVE-2022-2990 affecting package buildah 1.18.0-8. This CVE either no longer is or was never...

CVE-2022-41724 affecting package gcc 11.2.0-8

CVE-2022-41724 affecting package gcc 11.2.0-8. This CVE either no longer is or was never...

CVE-2023-22605 affecting package binutils 2.37-8

CVE-2023-22605 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2023-22603 affecting package binutils 2.37-8

CVE-2023-22603 affecting package binutils 2.37-8. This CVE either no longer is or was never...

CVE-2020-25657 affecting package m2crypto 0.35.2-8

CVE-2020-25657 affecting package m2crypto 0.35.2-8. No patch is available...

CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8

CVE-2020-8563 affecting package kubernetes-1.18.14 1.18.14-8. No patch is available...

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8

CVE-2023-44487 affecting package kata-containers for versions less than 3.1.0-8. A patched version of the package is...

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...

BIT-bpftool-2021-45941

libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and...

Model Extraction from Neural Networks

A new paper, "Polynomial Time Cryptanalytic Extraction of Neural Network Models," by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results. This is much more theoretical than practical, but it's a...

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It...

Exploit for CVE-2024-37765

Description MachForm up to version 19 is affected by an...

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1854)

The remote host is missing an update for the Huawei...

OpenSSH -- Race condition resulting in potential remote code execution

The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)

The remote host is missing an update for the Huawei...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1868)

The remote host is missing an update for the Huawei...

Debian: Security Advisory (DLA-3840-1)

The remote host is missing an update for the...

Important Photon OS Security Update - PHSA-2024-4.0-0642

Updates of ['openssh'] packages of Photon OS have been...

FreeBSD-SA-24:04.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...

CVE-2024-39362

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: Unbind mux adapters before delete There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When...

CVE-2024-39298

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags:...

OpenSSH Server regreSSHion Remote Code Execution

...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java.....

CVE-2022-27540

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...

CVE-2022-27540

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...

CVE-2022-27540

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential...

Security Bulletin: SANnav software used by IBM b-type SAN directors and switches is affected by Oracle Java SE vulnerabilities

Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...

CVE-2023-2976 affecting package guava for versions less than 25.0-8

CVE-2023-2976 affecting package guava for versions less than 25.0-8. A patched version of the package is...

APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server

APM Server vulnerable to Insertion of Sensitive Information into Log File in...