CVE-2024-34748 |
Description: In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-34733 |
Description: In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-34732 |
Description: In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-29869 |
Description: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
EPSS Score: 0.05%
January 29th, 2025 (6 months ago)
|
CVE-2024-23953 |
Description: Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
The problem occurs when an application doesn’t use a constant-time algorithm for validating a signature. The method Arrays.equals() returns false right away when it sees that one of the input’s bytes are different. It means that the comparison time depends on the contents of the arrays. This little thing may allow an attacker to forge a valid signature for an arbitrary message byte by byte. So it might allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to DDoS attack.
More details in the reference section.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-13484 |
Description: A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-12807 |
Description: The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-12723 |
Description: The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
CVE-2024-0044 |
Description: In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 29th, 2025 (6 months ago)
|
![]() |
Description:
Nessus Plugin ID 214746 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:0272-1 advisory. This update for hplip fixes the following issues: Update to hplip 3.24.4 (jsc#PED-5846) - Added support for new printers: * HP OfficeJet 8120 All-in-One series * HP OfficeJet Pro 8120 All-in-One series * HP OfficeJet 8130 All-in-One series * HP OfficeJet Pro 8130 All-in-One series * HP OfficeJet Pro 9720 Series * HP OfficeJet Pro 9730 Series * HP OfficeJet Pro 9130b series * HP OfficeJet Pro 9120b series * HP OfficeJet Pro 9110b series * HP Color LaserJet Enterprise Flow MFP X58045z * HP Color LaserJet Enterprise Flow MFP X58045zs * HP Color LaserJet Enterprise MFP X58045dn * HP Color LaserJet Enterprise MFP X58045 * HP LaserJet Pro P1106 plus * HP LaserJet Pro P1108 plus * HP LaserJet Tank MFP 1602a * HP LaserJet Tank MFP 1602w * HP LaserJet Tank MFP 1604w * HP LaserJet Tank MFP 2602dn * HP LaserJet Tank MFP 2602sdn * HP LaserJet Tank MFP 2602sdw * HP LaserJet Tank MFP 2602dw * HP LaserJet Tank MFP 2604dw * HP LaserJet Tank MFP 2604sdw * HP LaserJet Tank MFP 2603dw * HP LaserJet Tank MFP 2603sdw * HP LaserJet Tank MFP 2605...
January 29th, 2025 (6 months ago)
|