Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training Security Vulnerabilities

nessus

RHEL 8 / 9 : OpenShift Container Platform 4.13.42 (RHSA-2024:2877)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2877 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

7.6 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2024:2985)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2985 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.1 AI Score

2024-05-23 12:00 AM
3
nessus

RHEL 8 : .NET 7.0 (RHSA-2024:3340)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3340 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

7.6 AI Score

2024-05-23 12:00 AM
2
wpvulndb

YITH WooCommerce Ajax Search < 2.4.1 - Unauthenticated Stored Cross-Site Scripting

Description The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject....

6 AI Score

0.001 EPSS

2024-05-23 12:00 AM
1
openvas

VMware Workstation Multiple Vulnerabilities (VMSA_2024_0010) - Linux

VMware Workstation is prone to multiple ...

7.3 AI Score

0.001 EPSS

2024-05-23 12:00 AM
2
osv

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security...

7 AI Score

0.001 EPSS

2024-05-23 12:00 AM
nessus

RHEL 8 : harfbuzz (RHSA-2024:2980)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2980 advisory. HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): * harfbuzz: allows attackers to trigger O(n^2) growth via consecutive...

7.7 AI Score

2024-05-23 12:00 AM
4
oraclelinux

gstreamer1-plugins-good security update

[1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves:...

7.2 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
nessus

RHEL 8 : frr (RHSA-2024:2981)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2981 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP,...

6.6 AI Score

2024-05-23 12:00 AM
1
nessus

openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0135-1 advisory. - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer...

8 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

8 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : glibc (RHSA-2024:3269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3269 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...

7.1 AI Score

2024-05-23 12:00 AM
3
nessus

RHEL 8 : kernel-rt (RHSA-2024:2950)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2950 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

7.2 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : pcp (RHSA-2024:3324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

7.5 AI Score

2024-05-23 12:00 AM
nessus

RHEL 8 : grub2 (RHSA-2024:3184)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3184 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with...

4.5 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : openssh (RHSA-2024:3166)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3166 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

7.8 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : thunderbird (RHSA-2024:3338)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3338 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): *...

8.2 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : go-toolset:rhel8 (RHSA-2024:3259)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3259 advisory. An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as.....

7.5 AI Score

2024-05-23 12:00 AM
2
wpvulndb

Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Image Gallery Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

5.9 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
2
nessus

RHEL 8 : zziplib (RHSA-2024:3127)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3127 advisory. The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: invalid memory access at...

5.4 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : gstreamer1-plugins-bad-free (RHSA-2024:3060)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3060 advisory. An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as.....

7.5 AI Score

2024-05-23 12:00 AM
1
hp

Certain HP LaserJet Pro Printers – Potential Information Disclosure

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Update your printer...

7.1 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
2
nessus

RHEL 8 : xorg-x11-server-Xwayland (RHSA-2024:3343)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3343 advisory. Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in...

7.7 AI Score

2024-05-23 12:00 AM
nessus

RHEL 7 : kernel (RHSA-2024:3318)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3318 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nf_tables: use-after-free...

7.6 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : traceroute (RHSA-2024:3211)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3211 advisory. The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): *...

6.4 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : libsndfile (RHSA-2024:3030)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3030 advisory. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile:...

7.7 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : git-lfs (RHSA-2024:3346)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3346 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git,...

7.5 AI Score

2024-05-23 12:00 AM
1
saint

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade...

8 AI Score

0.946 EPSS

2024-05-23 12:00 AM
84
nessus

Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.100_security-7 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections.....

7.9 AI Score

2024-05-23 12:00 AM
1
nessus

Apache Tomcat 9.0.0.M1 < 9.0.0.M21

The version of Tomcat installed on the remote host is prior to 9.0.0.M21. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.0.m21_security-9 advisory. The error page mechanism of the Java Servlet Specification requires that, when an error occurs and...

6.9 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 9 : kernel (RHSA-2024:3306)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3306 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

7.6 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : pmix (RHSA-2024:3008)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3008 advisory. The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended...

6.3 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : systemd (RHSA-2024:3203)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3203 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

6.1 AI Score

2024-05-23 12:00 AM
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fix(es): * Incomplete fix for CVE-2023-39325/CVE-2023-44487 in...

7.2 AI Score

2024-05-23 12:00 AM
nessus

Apache Tomcat 8.0.0.RC1 < 8.0.44

The version of Tomcat installed on the remote host is prior to 8.0.44. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.0.44_security-8 advisory. The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an ...

6.9 AI Score

2024-05-23 12:00 AM
nessus

RHEL 8 : perl-CPAN (RHSA-2024:3094)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3094 advisory. The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): * perl: CPAN.pm does not verify TLS...

6.2 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : krb5 (RHSA-2024:3268)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3268 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of...

6.8 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 7 : kernel (RHSA-2024:3319)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3319 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables:...

7.5 AI Score

2024-05-23 12:00 AM
2
nessus

RHEL 8 : ghostscript (RHSA-2024:2966)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2966 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

5.5 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : libxml2 (RHSA-2024:3299)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3299 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: use-after-free...

7.3 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : httpd:2.4 (RHSA-2024:3121)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3121 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_macro:...

8 AI Score

2024-05-23 12:00 AM
3
nessus

RHEL 8 : 389-ds:1.4 (RHSA-2024:3047)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3047 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP)...

5.6 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : libX11 (RHSA-2024:2973)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2973 advisory. The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: out-of-bounds memory access in...

7 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 8 : python27:2.7 (RHSA-2024:2987)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2987 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level...

7.6 AI Score

2024-05-23 12:00 AM
1
nessus

RHEL 9 : pcp (RHSA-2024:3325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3325 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

7.5 AI Score

2024-05-23 12:00 AM
nessus

RHEL 8 : pcp (RHSA-2024:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8 AI Score

2024-05-23 12:00 AM
2
wpvulndb

Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Testimonial Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial and Image Gallery blocks due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and...

5.9 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
nessus

RHEL 9 : glibc (RHSA-2024:3339)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3339 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.2 AI Score

2024-05-23 12:00 AM
5
hp

Certain HP LaserJet Pro – Potential Cross-Site Scripting (XSS)

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Update your printer...

5.9 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
3
nessus

RHEL 8 : glibc (RHSA-2024:3344)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3344 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1 AI Score

2024-05-23 12:00 AM
4
Total number of security vulnerabilities: 418858